FBI Releases “Ransomware on the Rise

[steven36]

The Federal Bureau of Investigation warns of a recent rise in attacks by way of ransomware, an extortion technique that employs malware to infect a target’s computer and restrict access to files while demanding payment of hundreds to thousands of dollars, else the victim’s data will be permanently deleted from the system.

“Ransomware has been around for several years, but there’s been a definite uptick lately in its use by cyber criminals. And the FBI, along with public and private sector partners, is targeting these offenders and their scams,” the agency said.

The FBI notes that when ransomware schemes first emerged, targets were usually infected by way of tainted email attachments that delivered the malware, but criminals have increasingly turned to drive-by attacks where victims can become infected by simply visiting a compromised website.

And it’s not just everyday Internet surfers who are at risk.

“Businesses, financial institutions, government agencies, academic institutions, and other organizations can and have become infected with it as well, resulting in the loss of sensitive or proprietary information, a disruption to regular operations, financial losses incurred to restore systems and files, and/or potential harm to an organization’s reputation,” the FBI warned.

Law enforcement has successfully disrupted several ransomware operations, including Reveton and Cryptolocker, after seizing command and control servers.

But new ransomware campaigns are emerging, and the malware employed is becoming more sophisticated, as in the case of CryptoWall. which uses multiple exploits to infect targeted systems and has anti-vm and anti-emulation functionalities which obfuscate the malware when sandboxed.

To decrease the risks posed by ransomware, the FBI advises user to:

• Make sure you have updated antivirus software on your computer
• Enable automated patches for your operating system and web browser
• Have strong passwords, and don’t use the same passwords for everything
• Use a pop-up blocker
• Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars)
• Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly
• Use the same precautions on your mobile phone as you would on your computer when using the Internet
• To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline

Source