Apr 15, 2016

    Your money or your data


    HACKERS are stepping up efforts to turn their exploits into cold cash, locking a user's data unless a ransom is paid.

    In the fourth quarter of last year, so-called ransomware increased 26 per cent quarter-over-quarter, according to Intel Security.

    One single ransomware campaign last year netted US$325 million (S$444 million), according to researchers.

    The report did not estimate the overall value of ransomware but the report found some six million attempts to install such malware, which encrypts the contents of a computer and locks the data down unless the user pays a ransom to obtain a decryption key.

    Steve Grobman, chief technical officer at Intel Security, said the practice is growing due to several factors - easy access to the software, criminal networks which offer the service and the difficulty of tracking down culprits who can hide in anonymous networks.

    "In many ways, this is a more lucrative business model than traditional forms of cybercrime," Mr Grobman told Agence France-Presse.

    "And now we are seeing this move beyond consumers to 'soft targets' like hospitals and schools and police departments."

    He added that these targets are chosen "because they typically don't have sophisticated cyber defences that you would see at banks or defence contractors". But still hold data that can be held hostage.

    Although ransomware has been used for several years, the techniques have been refined and evolved to make them more usable.

    Tracking down hackers has become difficult if they demand bitcoins, which have no traces in the banking system.

    Ransomware software has become openly available as "open source" software that any hacker can use for free.

    And criminals with less technical sophistication can hire hackers who make themselves available for the exploit - a business model known in the trade as "ransomware-as-a-service", the report said.

    "Ransomware campaigns are financially lucrative with little chance of arrest so they have become quite popular," Intel noted in the report.

    Recently, Hollywood Presbyterian Medical Center acknowledged that it had paid US$17,000 to hackers using ransomware, saying it was "in the best interest of restoring normal operations".

    Mr Grobman said the best defence against ransomware is preventive - backing up data in separate locations so that it can be restored, and using defensive software to filter out hacker e-mail messages.

    But for someone infected with data locked by encryption, it is often a difficult choice.

    "The bigger issue is that by paying the ransom, you are encouraging the cyber criminals, and it will drive the next generation of ransomware," he said.