Ransomware is everywhere in the news these days because it’s such a successful attack strategy: offshore hackers encrypt your data and demand a ransom for its return. Once confined to home users and small sub-$1000 payouts, the criminals are now moving up-market and targeting businesses. Until agencies find ways to catch and prosecute these bad actors, ransomware will continue to grow as a problem.
The idea behind ransomware is to encrypt someone’s files, and then charge a ransom to decrypt them. It’s a far more direct revenue model than most hacking schemes, which require pulling data and then reselling it on the black market. Attacks like Cryptowall have themselves gotten sophisticated – there are hundreds of thousands of variants, and basic anti-virus tools simply can’t keep up as new forms are created every day. But these attacks share some common traits, and that is where you can begin to combat them.
Cryptowall and all its variants typically rely on phishing – i.e., getting the user to take an action, either opening an infected email attachment or visiting an infected website. These are called social engineering attacks. The email attachment attack is far more common, and Windows’ hidden-extension feature allows attackers to attach what appears to be a benign file type, such as a PDF, to the email. Once the attachment is opened, the file does its work silently in the background until the infection is complete and the ransom note is delivered.
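
Because the hidden-extension trick depends on the attachment's real file name, a mail filter can catch it by inspecting names before delivery. The following Python sketch is an added example, not code from any product mentioned here; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email.message import EmailMessage

# Assumed lists (not from the article): types Windows runs on double-click,
# and document types commonly shown as the harmless-looking decoy.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
              ".vbs", ".wsf", ".hta", ".lnk", ".msi"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Trailing dots/spaces are dropped by Windows, so ignore them here too.
    name = filename.strip().rstrip(". ").lower()
    # Padding spaces between extensions push the real one out of view.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE:
        return "ok"
    shown = "." + parts[-2] if len(parts) >= 3 else ""
    return "double-extension" if shown in DECOY else "executable"


def flag_attachments(msg):
    """List (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict = classify(name)
        if verdict != "ok":
            findings.append((name, verdict))
    return findings


def sample_message():
    """Constructed test message; names and contents are made up."""
    msg = EmailMessage()
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("Invoice_4471.pdf.exe", "terms.pdf", "photo.jpg.scr"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg


if __name__ == "__main__":
    for name, verdict in flag_attachments(sample_message()):
        print(f"{verdict}: {name}")
```

A verdict of `ok` only means the name did not trip this check; it says nothing about the attachment's contents.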