The FBI has issued an alert to businesses about cryptographic ransomware – a type of malware that encrypts company data and demands payment for the decryption key.
In the first quarter of 2015, McAfee Labs saw a 165% increase from the previous quarter in new ransomware, driven largely by the hard-to-detect CTB-Locker ransomware family, a new ransomware family called Teslacrypt and the emergence of new versions of CryptoWall, TorrentLocker and BandarChor.
According to the FBI, the biggest threat continues to be CryptoWall, which has been responsible for 992 ransomware attacks reported to the agency since it appeared in April 2014.
Attackers have used CryptoWall to demand ransoms of between $200 and $10,000 to re-instate the locked data.
Most criminals involved in ransomware schemes demand payment in bitcoins because the digital currency is fast, publicly available, decentralised and provides a sense of heightened security and anonymity.
The FBI said the attacks using CryptoWall had resulted in losses to US businesses of more than $18m – but that does not include losses incurred by unreported attacks.
Those losses also do not include the cost of lost productivity, legal fees, cleaning up after an attack, new countermeasures and the cost of personal information being breached.
Mitigate ransomware attacks
The FBI advises companies to:
- Use antivirus and firewall software from "reputable companies" and keep them updated;
- Enable pop-up blockers to prevent accidental clicks on malicious webpages that could download malware;
- Back up all data.
The FBI also cautions enterprise employees not to click on any emails or attachments they do not recognise, and to avoid “suspicious” websites.
However, many of the CryptoWall infections have been spread through malvertising or malicious advertisements on legitimate websites, requiring no interaction from the victims.
Other CryptoWall infections have been spread using exploit kits that use known Adobe Flash vulnerabilities – underlining the importance of installing security updates as soon as they are issued.
According to the latest McAfee Labs report, issued by Intel Security, Adobe Flash malware samples increased by 317% in the first quarter of 2015. The researchers attributed the spike in exploits to the popularity of Adobe Flash as a technology; user delay in applying available Adobe Flash patches; new methods to exploit product vulnerabilities; a steep increase in the number of mobile devices that can play Adobe Flash files; and the difficulty of detecting some Adobe Flash exploits.
“If you receive a ransomware popup or message on your device alerting you to an infection, immediately disconnect from the internet to avoid any additional infections or data losses,” the FBI alert said.
The alert also encourages businesses to report any ransomware attacks to local authorities.