Ransomware is an emergent threat in the evolution of hacker techniques to part you from your money. In our review of internet security suites, Norton Internet Security emerged as one of the very best. Therefore, to get expert opinion about how to avoid becoming a victim of ransomware, TopTenREVIEWS interviewed Liam O. Murchu, manager of operations for security response with Norton by Symantec.
TopTenREVIEWS: What is ransomware and why is it on the increase in the United States?
Murchu: Ransomware is a particularly nasty form of malicious software that hijacks a victim's computer and renders it useless by locking it down until a ransom is paid. Often, the cybercriminals will display a message from what appears to be a local or federal law enforcement agency – for example, the FBI. The victim will be made to believe they've accessed illicit material on the web and must pay a fine as punishment.
It is on the rise now because organized cybercrime syndicates have realized the profit potential of such attacks. Now that they have established an economic model that works, they are ramping up the scale of the attacks to maximize their profits.
TopTenREVIEWS: What are some early examples? How has it evolved? What are some of the most interesting recent schemes?
Murchu: We saw the first iterations of ransomware appear in Russia and Russian-speaking countries in 2009. Since then, we've seen ransomware tactics evolve, as well as its victims. The threat has spread from one or two Eastern European countries, throughout Europe and into the U.S. and Canada.
The threats have also evolved in what they do and how they dupe victims. At first, they encrypted victims' files and held them ransom. The newest iterations, however, have moved beyond simply encrypting victims' files and now lock victims' entire computers so that they are completely unusable.
Moreover, more recent ransomware impersonates law enforcement agencies so the victim may not even realize they are being held ransom at all, but rather thinks they are paying a legitimate fine.
Attackers have also tried multiple tactics for collecting the actual ransom money – via premium-rate phone calls and SMS, wire-transfer services and others. However, all of these methods have a high risk for attackers. Most recently, they've moved to the prepaid card system, which has reduced their risk.
TopTenREVIEWS: Would you please explain the difference between encrypting ransomware and non-encrypting ransomware?
Murchu: The majority of ransomware threats we're currently seeing do not encrypt victims' files. Rather, they hope to trick or embarrass victims into paying the ransom by stating that they have been looking at illicit content and must pay a fine. They go so far as to show a visual purporting to be from local or federal law enforcement agencies.
There are still some variants of ransomware that encrypt victims' files. In these cases, the files cannot be recovered without the decryption key, which only the attacker knows. This type of ransomware is more destructive. Often, the attacker will not decrypt the files even if the ransom is paid. Having a recent backup of your files is an important factor in dealing with such threats.
TopTenREVIEWS: Is ransomware comprised of existing malware methods or is it in its own class?
Murchu: Ransomware is commonly spread through web exploits and drive-by downloads, which are well-established methods for propagating malware. In the case of drive-by downloads, users will typically visit a compromised site, which will begin downloading malicious software onto the user's computer without their knowledge.
However, the malware known as ransomware itself is identified as its own class, differentiated by the demand for a ransom payment from victims by locking the computer, and also by using imagery that embarrasses or coerces the user into complicity.
Ransomware uses many of the same techniques that other malware families use – for example, Trojan Horses and Downloaders. Without the threats' ransom payment aspect, these ransomware malwares would fall into one of those categories. In particular, with the latest iteration of ransomware, the fact that the attackers are paid via prepaid money cards is a feature we have not seen in other malware before.
TopTenREVIEWS: Can security software protect against ransomware?
Murchu: Yes, Norton products protect against known ransomware variants. The Symantec Security Response team is dedicated to monitoring for new variants and developing generic ransomware signatures. Additionally, our technical support agents continuously evaluate our performance against ransomware and respond to any new developments. As a result of the efforts, we are confident that we are providing reliable protection to our customers.
As with all threats, we cannot guarantee 100-percent protection. However, our teams are dedicated to monitoring for new variants, evaluating the performance of our products and responding to any new developments.
TopTenREVIEWS: Norton products are excellent at defending against malware, but no security software can defend against every possible attempt to breach security. Fortunately, Norton products are also excellent at repairing zero-day infections after they have occurred. How does a Norton user recover from a successful ransomware attack? For example, what should be the first action by a Norton Internet Security user if all of a sudden their wallpaper morphs into a demand to remit money in return for the key to unlock the files that the hackers have encrypted?
Tips for Consumers to Avoid Ransomware
- The most common ways that ransomware infects a computer are through web exploits and drive-by downloads, which occur most often when users visit a compromised website. Use security software from a trusted provider on your computer to protect against these security threats, which are often invisible to the naked eye.
- Stick to familiar or reputable sites when browsing the web. For unknown sites, use a reputation service tool like Norton Safe Web to show you how safe a site is before you click on the link.
- The software that contains ransomware can also be distributed through spam emails. To protect yourself, use a spam filter on your email and don't open any emails or attachments from people you don't know.
Tips for Consumers Who Suspect They Are Infected With Ransomware
- Most importantly, do not pay the ransom. It's extremely unlikely that you will get access to your computer back by doing so, since the cybercriminals are only concerned about getting your money.
- If you think you are infected with ransomware, run a full system scan using security software on the compromised computer.
- If the problem persists, restart your computer in Safe mode and run another scan to identify and remove all security threats.
- As a last resort, use a rescue tool like Norton Power Eraser, which is designed to remove deeply embedded security threats.
TopTenREVIEWS: What else would you like to say about Norton and ransomware?
Murchu: Ransomware is on the rise and a trend that we'll continue to see into 2013. Led by the proliferation of online payment methods that make it easy for cybercriminals to make a profit off these scams, ransomware scams will become even more common.
According to Norton's 2013 predictions, cybercriminals will begin using more professional ransomware screens, up the emotional appeal to motivate their victims and make it harder to recover computers once they have been compromised. Consumers need to educate themselves about these types of scams and make sure they are following best practices to stay protected.
TopTenREVIEWS: Thank you so much, Liam, for sharing your knowledge about ransomware. We trust that those who take your advice to heart will be less likely to become victims of such mean-spirited scams.