A ransomware alert
has been issued by the US and Canada to ensure that individuals and
organizations are aware of the threat posed by this type of malicious software.
The alert, from the Department of Homeland Security
(DHS) and the Canadian Cyber Incident Response Centre (CCIRC), comes on the
back of what seems to be a proliferation of ransomware attacks. They said that it is now apparent to cybercriminals
that this particular approach is remarkably “profitable”, resulting in not only
a general increase in the number of attacks, but also in the number of
ransomware variants.
“In 2013, more destructive and lucrative ransomware
variants were introduced, including Xorist, CryptorBit, and CryptoLocker,” the
official statement highlighted. “Some variants encrypt not just the files on the
infected device, but also the contents of shared or networked drives. “These variants are considered destructive because
they encrypt users’ and organizations’ files, and render them useless until
criminals receive a ransom.”
Both security organizations drew attention to Locky – recently analyzed by ESET’s Diego Perez – which has been
especially prolific as of late. This variant, described as “destructive”, is delivered
through spam
emails, which include corrupted Microsoft Office documents (as an attachment). Once downloaded, the trojan gets to work, encrypting files without the victim at
first being aware. It is only when they receive a demand for a ransom that they
realise what has happened.
“Infections can be devastating to an individual or
organization, and recovery can be a difficult process that may require the
services of a reputable data recovery specialist,” stated the DHS and CCIRC in
their alert.
In spite of this, their advice is to never pay,
something that WeLiveSecurity’s editor in chief, Raphael Labaca Castro, has previously noted.
Speaking last year, the information security expert
explained that in doing so, you are, in effect, “supporting cybercrime
activities”. Additionally, there is no guarantee that files or devices will be
decrypted. “Remember, this is not a service, they are
cybercriminals,” he went on to say. “[And] even if you pay, you are not going
to be ‘whitelisted’ so you could get infected again so it’s not a real solution
for the future either. “Prevention is the most important tool against
Ransomware, since the infection can be usually cleaned afterwards but not
always the information restored.”