Expert Insight: Ransomware Today

Long after it was first seen in 2005-2006, ransomware has graduated from being scareware that locks the screens of its victims to a sophisticated malware that locks down the most essential component of a victim’s system—its data.

This made ransomware one of the most notorious malware types to prey on unsuspecting users. On May 2015, we detailed how ransomware has evolved into the kind of data kidnapper that it is today, from initial sightings in Russia that hijacks user files to more advanced crypto-ransomware variants that encrypted its victims files in 2013.

By the third quarter of 2014, crypto-ransomware accounted for more than a third of all ransomware types found in infected systems, and it shows no signs of slowing down. In fact, data gathered over the last quarter of 2014 shows that crypto-ransomware variants have increased from 19% to more than 30% in the last 12 months.

In the first quarter of 2015, we reported on how ransomware has spread to enterprises and niche users after seeing a rise in CryptoWall-related URLS in the second quarter of the year. As indicated in our collected data, almost 70% of incidents reported hit mostly small and medium-sized businesses, followed by enterprise and the consumer segments.

In this Expert Insight video, Trend Micro Senior Threat researcher David Sancho shares his insights on ransomware today, and how it's expected to evolve the coming years. “Ransomware as we know it today is the spyware that has been evolving over time. And then the attackers are sneakily trying to upgrade their methods as soon as the old methods become obsolete,” Sancho says.

Given everything that has been said about the traps set by cybercriminals, the scheme's victims are still growing. Should we stop looking for a silver bullet to prevent users from falling into these traps? How can users and businesses shield themselves from becoming a victim?

“What I recommend instead is for everybody to run a solid backup strategy.  You have to treat ransomware as any other data corruption. Just as in any data corruption, you have to have a solid backup plan in place. If you don’t then you’re subject to data loss,” Sancho notes.

Here are a few simple tips on how you can protect yourself and your data from ransomware attacks:

• Backup your files regularly – the 3-2-1 rule applies here: three backup copies of your data on two different media and one of those copies in a separate location.
• Bookmark your favorite websites and access only via bookmarks – attackers can easily slip malicious codes into URLs, directing unwitting users to a malicious site where ransomware could be downloaded. Bookmarking frequently-visited, trusted websites will prevent you from typing in the wrong address.
• Verify email sources – It always pays to be extra careful before opening any link or email attachment. To be sure, verify with your contacts prior to clicking.
• Protect the Endpoints – Implement a solution with advanced monitoring of incoming email and other traffic that employs real-time threat intelligence to identify and safeguard one’s network from malicious emails, compromised URLs and C&C hosts and infected file attachments. The Trend Micro™ Smart Protection Suite provides real-time threat intelligence that gathers global input from millions of collection points and uses big-data analytics to produce up-to-the-minute information about the latest threats. It also includes the latest version of Trend Micro™ OfficeScan™, which features behavior monitoring that watches for and kills unknown processes that encrypt or modify files, effectively protecting endpoints from ransomware attacks and other evolving threats.