Ransomware: The New Class of Malware

In September 2013, however, this all changed when a new line of malware – called “CryptoLocker” – hit the internet. This was the first of a new class of malware dubbed “RansomWare.” CryptoLocker's payload encrypts all usable files on a system, then demands payment for the decryption key. It gave a system user 72 hours to pay $300 using BitCoin (an anonymous online currency) or their key would be deleted, and the data lost forever. For most companies and individuals, paying the moderate ransom was a much better option than losing both time and money hiring someone to fight the online extortionist. This scheme generated an estimated $27 million over 63 days of operation – and set the standard for successful monetization. Since then, there have been several releases of “Crypto” type RansomWare built on the same framework with the same concept of extortion.

The complexity and magnitude of this type of attack demonstrate the effect of monetization. The revenue generated via RansomWare is attracting highly educated and motivated criminals to build and design “better” software for their diabolical purposes. Malware developers work together in offices, even having office picnics and holiday parties just like any other organization. They are driven to profit from their proprietary skills in their market space, the same as any other well-organized company.

But there are ways to protect yourself. Even though these types of threats are extremely successful at hiding from current antivirus programs (and therefore remain undetected while they encrypt their victims’ data), this level of sophistication has triggered IT organizations to change their defensive strategy. Running a single antivirus program will no longer suffice. It takes a multi-layered approach to keep your valuable data safe. What else needs to be done? At a minimum, organizations need to take a stronger security stance (and put it in written policies) when it comes to how their employees are allowed to use the internet. Employee usage should be filtered, internet traffic scanned, and active malware scanners deployed. By adopting heightened security measures early, companies make themselves many times more difficult to compromise than everyone else.
