Surprisingly enough, the concept of ransomware is not new. The first ideas date back to the late 1980s, and the first complete proposal was published by Adam L. Young and Moti Yung [1] of Columbia University in 1996 (!). That paper did not, however, turn ransomware into the problem it is today: for years nothing much happened. Presumably cybercriminals had no access to (or could not understand) good cryptography textbooks.
Predictably, at some point those programmers started to study, and since about 2012 the situation has changed dramatically; ransomware is now probably the biggest threat to information systems. The concept is actually very simple: ransomware (from ransom and ware, short for software) is a malicious programme that infects a computer and encrypts its files, and the user only gets them back by paying a ransom for the decryption key.
Nowadays this attack is, in fact, a very lucrative business. It is estimated that the global cost of ransomware attacks was around 8 billion dollars in 2018 and could exceed 11.5 billion in 2019 [2]. Probably the best-known example is WannaCry in 2017, which affected many large companies and institutions in our country.
How to protect yourself from ransomware?
As we will see below, there are no "shortcuts": once the files are encrypted there is no way to recover the key without paying the ransom. Therefore, I recommend three measures to protect our computers against a ransomware attack:
(1) diligently apply OS security patches,
(2) have a good anti-virus and, above all,
(3) have up-to-date backups of our data.
Come on, seriously, is there really no way to retrieve the files without paying? No, there isn't. The exceptions are early or badly written ransomware families, whose bugs (a hard-coded or predictable key, a key left behind on the disk) or whose keys seized by the police made a decryptor possible. For those you can try your luck at No More Ransom [3], a repository of decryption tools maintained by Europol, the Dutch National Police, Kaspersky and McAfee. However, virtually all ransomware variants in circulation today are well implemented. So much so that ProPublica [4] has reported that some companies that supposedly recover data hijacked by ransomware actually pay the ransom to the cybercriminals without telling the victim (and then pass the cost on to the victim, of course, plus a generous commission).
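To make concrete why "no shortcuts" is the honest answer, here is an added, in-memory model of the scheme Young and Yung described (constructed for this edit; it is not code from the original article or from any real ransomware). The malware generates one fresh symmetric key per victim, locks the data with it, wraps that key under the attacker's public key and discards the plaintext copy, so the victim's disk holds only ciphertext and the wrapped key. A second, deliberately flawed variant with a hard-coded key shows why No More Ransom-style decryptors exist only for badly implemented families. All function names and the "files" are constructed; the RSA modulus is built from fixed small Mersenne primes for readability and is nowhere near a real key size; the stream cipher is an HMAC-SHA256 counter keystream so that only the Python standard library is needed.

```python
"""Toy, in-memory model of cryptoviral extortion (Young and Yung, 1996).

Constructed for illustration: no files are read or written, the RSA key is a
toy built from fixed Mersenne primes, and the symmetric cipher is an
HMAC-SHA256 counter keystream so that only the standard library is needed.
"""
import hashlib
import hmac
import os

# --- Attacker side, generated once, offline. D never reaches the victim. ---
P = 2 ** 89 - 1          # toy primes, far too small for real use
Q = 2 ** 107 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

KEY_LEN = 16             # 128-bit per-victim key; as an integer it is below N


def rsa_wrap(sym_key: bytes) -> int:
    """Public-key operation the malware can do on the victim's machine."""
    return pow(int.from_bytes(sym_key, "big"), E, N)


def rsa_unwrap(wrapped: int) -> bytes:
    """Private-key operation only the attacker can do."""
    return pow(wrapped, D, N).to_bytes(KEY_LEN, "big")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR with HMAC-SHA256(key, nonce || counter). Same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def infect(files: dict) -> dict:
    """Malware side: fresh per-victim key, lock everything, keep only the wrapped key."""
    k = os.urandom(KEY_LEN)
    nonce = os.urandom(16)
    locked = {name: keystream_xor(k, nonce, data) for name, data in files.items()}
    note = {"wrapped_key": rsa_wrap(k), "nonce": nonce}
    del k  # the plaintext key is discarded; the victim's disk holds only `note`
    return {"files": locked, "note": note}


def attacker_release_key(wrapped_key: int) -> bytes:
    """What the victim gets back after paying: the attacker unwraps the key."""
    return rsa_unwrap(wrapped_key)


def recover(infected: dict, k: bytes) -> dict:
    """Victim side: works only with the right 16-byte key."""
    nonce = infected["note"]["nonce"]
    return {name: keystream_xor(k, nonce, data) for name, data in infected["files"].items()}


# --- A deliberately flawed "early variant": one hard-coded key for every victim. ---
HARDCODED_KEY = b"badransomware!!!"   # constructed 16-byte key shipped inside the sample


def buggy_infect(files: dict) -> dict:
    nonce = b"\x00" * 16
    return {"files": {n: keystream_xor(HARDCODED_KEY, nonce, d) for n, d in files.items()},
            "note": {"nonce": nonce}}


def public_decryptor(infected: dict) -> dict:
    """A No More Ransom-style tool: possible only because the key is recoverable from the sample."""
    return recover(infected, HARDCODED_KEY)


def demo() -> bool:
    files = {"report.docx": b"quarterly numbers " * 8, "photo.jpg": bytes(range(256))}  # constructed
    inf = infect(files)
    guessed = recover(inf, b"\x00" * KEY_LEN) == files                                  # False
    paid = recover(inf, attacker_release_key(inf["note"]["wrapped_key"])) == files       # True
    flawed = public_decryptor(buggy_infect(files)) == files                              # True
    return (not guessed) and paid and flawed


if __name__ == "__main__":
    print("model behaves as described:", demo())
```

The point of the model is the asymmetry: everything the victim's machine ever held in plaintext (the per-victim key) is gone, and what remains (the wrapped key) is useless without D, which only the attacker has. Patching, anti-virus and backups matter precisely because they act before or around this step, not after it.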
To pay or not to pay?
Obviously, all cybersecurity institutions and companies recommend against paying the ransom, for many reasons, most of them very sound. However, sometimes the cure can be worse than the disease. Recently, the city of Atlanta suffered a ransomware attack and its administrators decided that they would not pay under any circumstances [5]. The result? They eventually spent more than $2.5 million to recover their systems, when the initial ransom demand was just under $50,000 in bitcoin.
Despite the above, the real problem with ransomware is yet to come, when it makes the leap to the Internet of Things (IoT). Every device is becoming a computer: our microwave, fridge, car or television. And from the moment they connect to the internet, they become exposed to ransomware and other threats.
It is therefore only a matter of time before our car refuses to start and displays a warning on its screen saying that it will not start until we pay an amount in bitcoin as ransom. Or our phone, fridge, electronic lock or defibrillator (which can be compromised from tens of metres away) [6]. You can complete the list yourself.
The real problem is that the mitigations discussed above do not even apply here. So far there is no way to back up the software of our refrigerator and, in any case, restoring it is not something most users could do. Moreover, these devices are (supposedly) designed to last for many years, like a car, as opposed to the much shorter replacement cycles of computers and mobile phones.
Finally, to make matters worse, security is often the last priority for manufacturers of these IoT devices: many have no dedicated security engineering team, and their devices are not updatable. One example is the Mirai botnet, which infected hundreds of thousands of IP cameras, video recorders and home routers and launched a distributed denial of service (DDoS) attack against the DNS provider Dyn, knocking out services such as Twitter for hours. Most of the infected devices cannot be fixed in any way, so they remain vulnerable.
The solution, like everything else in the field of cybersecurity, is neither simple nor immediate, but in my opinion it will happen in the long term in the form of much more demanding regulations by the authorities, which will force manufacturers to assume the consequences of manufacturing defective devices that can put people's lives at risk.
Want to learn about cybersecurity? Get trained with Advanced Cybersecurity's Tech Bootcamp and make an exponential leap in your career. All information and registration here.