Week 6 Post – Ransomware

Ransomware is getting a lot of press these days, and the threat is growing. Ransomware is a type of malware. Once it gets into your computer system, it encrypts all of your documents, spreadsheets, and photos. There is a long list of the file types that ransomware goes after. If you have a mapped drive to a server file share, the ransomware will attack those files as well, potentially encrypting all of your internal company shared documents.
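To make the behaviour described above concrete from the defender's side, here is an added example that is not code from this post or from Bromium or Symantec: a small heuristic that looks for the mass-modification pattern (many document-type files touched by one user in a short burst, including files on a mapped drive, and files renamed to a foreign extension) in constructed file-activity audit events. The log field layout, the extension list, the 60-second window, the threshold of four files, and the rule that any drive letter other than C: is a mapped share are all assumptions chosen for illustration.

```python
"""Mass-modification detector over constructed file-activity events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Document types ransomware goes after (illustrative subset, an assumption)
TARGETED_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt"}
WINDOW = timedelta(seconds=60)   # assumption: length of a burst worth alerting on
THRESHOLD = 4                    # assumption: distinct document files per window

# Constructed audit-log sample: timestamp|user|action|path|new_path
SAMPLE_EVENTS = """\
2016-04-24T09:00:01|alice|MODIFY|C:\\Users\\alice\\report.docx|
2016-04-24T09:00:02|alice|RENAME|C:\\Users\\alice\\report.docx|C:\\Users\\alice\\report.docx.locked
2016-04-24T09:00:03|alice|MODIFY|C:\\Users\\alice\\budget.xlsx|
2016-04-24T09:00:03|alice|RENAME|C:\\Users\\alice\\budget.xlsx|C:\\Users\\alice\\budget.xlsx.locked
2016-04-24T09:00:05|alice|MODIFY|S:\\Finance\\q1.pdf|
2016-04-24T09:00:05|alice|RENAME|S:\\Finance\\q1.pdf|S:\\Finance\\q1.pdf.locked
2016-04-24T09:00:06|alice|MODIFY|S:\\Finance\\team.jpg|
2016-04-24T09:00:07|alice|MODIFY|S:\\Finance\\notes.txt|
2016-04-24T09:05:00|bob|MODIFY|C:\\Users\\bob\\memo.docx|
2016-04-24T09:30:00|bob|MODIFY|C:\\Users\\bob\\slides.pptx|
"""


def extension(path):
    """Lower-cased extension of the last path component ('' if it has none)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[1].lower() if "." in name else ""


def drive_root(path):
    """'C:' for a drive-letter path, the server\\share prefix for a UNC path."""
    if path.startswith("\\\\"):
        parts = path.split("\\")
        return "\\\\" + parts[2] + "\\" + parts[3] if len(parts) > 3 else path
    return path[:2].upper() if len(path) > 1 and path[1] == ":" else path


def parse_events(text):
    """Parse the pipe-separated sample format into dicts sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        ts, user, action, path, new_path = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "path": path, "new_path": new_path})
    events.sort(key=lambda e: e["ts"])
    return events


def window_stats(events):
    """Distinct targeted files, drive roots, and renames to a foreign extension."""
    files, roots, renamed_away = set(), set(), 0
    for e in events:
        if extension(e["path"]) not in TARGETED_EXTENSIONS:
            continue
        files.add(e["path"].lower())
        roots.add(drive_root(e["path"]))
        if e["action"] == "RENAME" and extension(e["new_path"]) not in TARGETED_EXTENSIONS:
            renamed_away += 1
    return {"targeted_files": len(files), "roots": roots, "renamed_away": renamed_away}


def detect(events):
    """Return {user: stats of that user's busiest WINDOW} for users crossing THRESHOLD."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = {}
    for user, evs in by_user.items():
        best = None
        for i, start in enumerate(evs):           # every event opens a candidate window
            burst = [e for e in evs[i:] if e["ts"] - start["ts"] <= WINDOW]
            stats = window_stats(burst)
            if best is None or stats["targeted_files"] > best["targeted_files"]:
                stats["start"] = start["ts"]
                best = stats
        if best["targeted_files"] >= THRESHOLD:
            # assumption: any root other than C: (or a UNC path) is a mapped share
            best["touched_mapped_share"] = any(r != "C:" for r in best["roots"])
            alerts[user] = best
    return alerts


if __name__ == "__main__":
    for user, a in detect(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {user}: {a['targeted_files']} document files within {WINDOW.seconds}s "
              f"from {a['start']}, roots={sorted(a['roots'])}, "
              f"renamed to foreign extension={a['renamed_away']}, "
              f"mapped share hit={a['touched_mapped_share']}")
```

On the sample, alice trips the rule (five distinct document files across C: and the mapped S: drive, three of them renamed to `.locked`), while bob's two edits half an hour apart do not. The rename-to-foreign-extension count is what separates a burst of legitimate saves from the pattern the post describes, so in a real deployment it is the number to weight most heavily.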

After ransomware encrypts your files, you can’t open them any longer until you pay the ransom to get the unlock code.

Unlike much malware, which is often just meant to be destructive, ransomware is a criminal enterprise. It’s a business. Like any successful business, one typically has to provide some value for payment. Ransomware wouldn’t be such a growth industry if the criminals just took your payment, and didn’t actually deliver the unlock code, so they do. They know the only way they can keep making money on this is to give your files back to you after they have been paid.

Ransomware variants are growing rapidly. According to Bromium, ransomware “doubled in 2015. The number of ransomware families has increased 600 percent from ~2 in 2013 to ~12 in 2015” (Bromium 2015 Threat Report).

Symantec calls ransomware “an extremely profitable type of attack,” and says that “ransomware will continue to ensnare PC users and expand to any network-connected device that can be held hostage for a profit. In 2015, ransomware found new targets in smart phones, Mac, and Linux systems. Symantec even demonstrated proof-of-concept attacks against smart watches and televisions in 2015.”

Why is ransomware so difficult to stop? Bromium says that “Typical security products are detectors. They require a constantly updated set of rules to try and block/detect infections. The problem: Angler is the crafty exploit kit of choice, and is currently managing to infect computers anyway. Angler is tending to drop ransomware, which is constantly re-encoded to bypass file analysis techniques. Thus, the only reliable way to stop ransomware is via security through isolation (what Bromium does). To read more about exploit kits, see: https://labs.bromium.com/2016/03/08/angler-ek-a-bromium-discussion/”

It is also difficult to stop because much ransomware relies on human error rather than software flaws: it arrives through phishing emails and malicious links that many people will click on.

References

Pay up! It’s Ransom Season… (2016). Retrieved April 24, 2016, from https://labs.bromium.com/2016/04/18/pay-up-its-ransom-season/

2016 Internet Security Threat Report. (n.d.). Retrieved April 24, 2016, from https://www.symantec.com/security-center/threat-report