A number of renowned researchers have contributed to Bart Blaze's report

Apr 7, 2014 17:21 GMT

Malware researcher Bart Blaze has published an interesting post on ransomware. He has asked a number of reputable experts questions about the beginnings and the evolution of such threats.

Malware researcher Malekal, Malwarebytes Head of Malware Intelligence Adam Kujawa, Kaspersky Senior Security Researcher Fabio Assolini, Emsisoft’s Fabian Wosar, and Hendrik Adrian of the MalwareMustDie security research group have shared insight for the report.

The experts provide information on when and how they encountered the first piece of ransomware, the psychological aspect of such threats, propagation methods, their effectiveness and success rate, and recommendations on how to protect devices.

All researchers agree that the first versions of ransomware were primitive, yet they also agree that the threats were efficient. Over the past years, these types of malware have evolved a great deal and they’re currently helping cybercriminals make millions of dollars.

Ransomware has become so popular among cybercriminals that some experts believe it has overthrown rogueware (fake antiviruses). Some say that cybercriminals have dumped rogueware in favor of ransomware because the latter is more profitable, particularly the variants that encrypt files, such as CryptoLocker.

“Ransomware like Cryptolocker is more effective now because everyone knows about FBI Ransomware. Back when FBI ransomware came out, it was very effective because people thought it was legit,” explained Adam Kujawa.

“I can't give you percentages because I don't have them but a good rule of thumb is if you see a certain kind of attack scenario being reused or re-branded, it usually means it's effective. We see malware like PrisonLocker now because of the success Cryptolocker had, just as 2012 was full of different families and variants of FBI Ransomware.”

The report published by Bart Blaze also contains a number of recommendations for both regular users and organizations on how to protect themselves against ransomware and what to do in case their devices are infected with such threats.

For consumers, the list of recommendations includes keeping all software updated, installing an antivirus, uninstalling unused software (e.g. Java), installing protection software such as NoScript in the web browser, not downloading applications from suspicious websites or ones advertised via spam, and making backups.

For organizations, the list of recommendations includes setting strong passwords for servers and disabling RDP if possible, using spam filters, using group policies, restricting rights for users who don’t need them, employee education, and backups.

Ransomware victims should never pay the ransom since there’s no guarantee that the cybercriminals will keep their end of the deal. Furthermore, if you pay up once, you’ll probably be targeted in the future since the crooks know that you’re likely to give in to their demands.

For additional details and recommendations, check out Bart Blaze’s blog.