Ransomware programs, which encrypt users’ data in order to extract money, are becoming more and more sophisticated.
Malware developers are enhancing their programs with new functionality, including the ability to encrypt data offline. Emerging ransomware variants have targeted not only computers and smartphones but, more recently, smart devices such as TVs, and one variant called Chimera specifically targets business users. Professional IT consultants are becoming increasingly alarmed at the rapid rate of change within the ransomware space, as variants develop workarounds for many of the constraints put in place against them in order to deliver their payloads.
Business users are highly concerned with the protection and safety of their data and will most probably pay the ransom in order to get the information decrypted. Chimera not only permanently encrypts the data but also threatens to upload affected users' data to the Internet unless they pay up.
“39% of enterprises were hit by ransomware last year … Of those, 40% paid the attackers in order to retrieve their data.” Ref: http://www.welivesecurity.com/2016/08/22/ransomware-pay-not-pay-2
“According to the Trend Micro figures unveiled at CloudSec London, the average ransom demanded is £540 ($722) - although the payment is usually requested in Bitcoin - with although 20 percent of organisations reported ransom demands of £1000 ($1338).” Ref: http://www.zdnet.com/article/two-thirds-of-companies-pay-ransomware-demands-but-not-everyone-gets-their-data-back
Another newly introduced malware program is CryptoWall 4.0, which also encrypts file names using randomly generated characters (both letters and numbers). This is most probably done to further confuse affected users, who are already stressed by not being able to reach their data. The software uses a 2,048-bit RSA key to encrypt the data, which makes it virtually impossible to decrypt without the key. The developers have gone further than depriving users of their data: they now send a congratulations note stating that the user has joined the club, together with detailed, very well-written payment instructions and an explanation of what ransomware is and how it works.
The instructions also warn users off trying to decrypt the data, as it could be lost forever. CryptoWall 4.0 employs sophisticated methods that allow it to go undetected by many antivirus and/or firewall programs. At present the malware developers operate just like ordinary software developers; they keep renewing their products and services. The latest version of CryptoWall has caused an estimated loss of $18 million to businesses and individuals. Another report from American advised that the market suffered an estimated loss of $325 million thanks to CryptoWall 3.0.
At this point the IT industry sees ransomware as a threat that will only increase over time and become more and more devious in its nature and operations.
Paying the ransom, however, is no guarantee that your data will be fully restored, even if you do get a decryption key. There is always a chance that a program error will make decryption impossible. Without doubt it is a personal choice, but it pays to keep in mind that paying the ransom is no guarantee of getting the information back.
“Two-thirds of companies pay ransomware demands: But not everyone gets their data back” – Ref: http://www.zdnet.com/article/two-thirds-of-companies-pay-ransomware-demands-but-not-everyone-gets-their-data-back
However, for people whose data is worth hundreds of thousands of dollars, a $700 ransom might seem an acceptable price to pay to get it back.