Ransomware-Malware

The surge in ransomware popularity may be due to increased sophistication in exploits over the past few months.  Ransomware encrypts a user’s hard drive and demands a payment to receive the key to decrypt the files.  Payment is usually in the form of Bitcoins due to the anonymity of the exchange.  Additionally, attackers mask their identities by using the Tor network, free software that allows for complete anonymity.

One of the more popular methods of infection is the use of spam.  Emails contain malicious links or attachments with a .zip or .cab file.  The emails may look legitimate, like a bank invoice or credit card statement.  With tax season approaching, EdgeWave expects to see an increase in spam with tax-related themes that may include ransomware.  Other reports indicate that sites like Facebook are used as spam attack vectors.  An email seeming to come from Facebook will ask users to click an update to terms and conditions, which downloads the exploit.
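As an added illustration (not EdgeWave's code), a mail filter can flag the .zip and .cab attachments described above by file name and by leading bytes, so that an archive renamed to look like a document is still caught. The sample messages, addresses and function names are constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of the two archive formats the article names.
MAGIC = {b"PK\x03\x04": "zip", b"MSCF": "cab"}
EXTENSIONS = (".zip", ".cab")

def archive_attachments(raw: bytes):
    """Return (filename, reason) for each zip/cab attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Identify the content by magic bytes, independent of the file name.
        kind = next((k for m, k in MAGIC.items() if payload.startswith(m)), None)
        if kind and not name.endswith("." + kind):
            findings.append((name, f"{kind} content under another name"))
        elif kind or name.endswith(EXTENSIONS):
            findings.append((name, "archive attachment"))
    return findings

def _sample(filename: str, data: bytes) -> bytes:
    # Constructed sample message (hypothetical addresses), not real spam.
    m = EmailMessage()
    m["From"] = "billing@bank.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Your invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [("invoice.zip", b"PK\x03\x04rest"),
               ("statement.pdf", b"MSCF\x00\x00"),
               ("notes.txt", b"hello")]
    for fn, data in samples:
        print(fn, archive_attachments(_sample(fn, data)))
```

Flagged messages are candidates for quarantine or review; archive attachments are also used legitimately, so the result is a triage signal rather than a verdict.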

Personal computers are not the only systems targeted by ransomware.  Recent reports show an increase in two areas.  First, smartphones have been targets via bad links, downloads, and apps.  Phones have become more popular targets as more people use them for email and Internet usage.  Second, websites are becoming more popular targets for ransomware, as CBT ransomware encrypts a website’s database.  Although email is used as an initial attack vector, tools such as the Angler exploit kit can also exploit flaws in Flash and Java to attack more directly.

Ransomware is becoming more popular in the criminal hacking community.  Identity theft is becoming less popular as the return on investment fades.  Ransomware provides a more immediate return on investment.  As a precaution, individuals and companies should take a close look at their cybersecurity strategy and ensure they have adequate security measures in place to prevent this.  Also, they should back up important files to unconnected locations such as a cloud-based service or offsite storage.  While inconvenient in terms of time, restoring from a backup may limit the financial risk associated with ransomware.


EdgeWave’s dedicated human shield, our EPIC team, frequently detects an increase in fraudulent activity and identifies malicious links that others would perceive as legitimate. EPIC’s team of military-grade cyber engineers and analysts closely monitors various categories of websites, intercepts email with malicious links, and blocks insecure web content with a combination of artificial and human intelligence. Find out more at www.edgewave.com.