Web users have to worry about yet another security threat: ransomware. The FBI now estimates that losses due to ransomware, a type of malware, topped $18 million in the last year.
Unfortunately, hackers have been using bitcoin and other digital currencies as their primary choice for payments. As bitcoin transactions hide the identity of the receiving party, the digital currency has become a top choice for hackers and other people engaged in illicit activities.
With ransomware, computer hackers basically take control of sensitive or valuable information and hold it hostage. If users do not pay a ransom, they lose access to the data.
Ransomware has become one of the fastest growing and most common security threats on the web. Between April of 2014 and June of 2015, the FBI’s Internet Crime Complaint Center received 992 complaints related to CryptoWall, the most commonly used ransomware.
As already mentioned, ransomware could be generating $18 million in costs. Much of that cost is accrued not through ransoms, however, but through post-attack costs, such as network mitigation, increased security measures, legal costs, and lost productivity.
Ransoms can range from a few hundred dollars to several thousand dollars, depending on the nature of the information and the targeted person or company. The highest reported ransom demands so far have been for $10,000.
Dell SecureWorks estimates that as many as 600,000 computers have been infected with one variant or another of CryptoWall. Dell estimates that as much as $1 million in ransoms has been paid out, making the malware one of the most profitable scams of all time. Many of the ransoms were paid using bitcoin.
CryptoWall can infect computers running either Mac or Windows operating systems. So far, it does not appear that Linux computers or servers are at risk.
What is CryptoWall?
“CryptoWall” is a trojan horse that encrypts files on a compromised computer and then forces the owner to either pay up or lose access to their files. The malware can be spread through compromised websites, infected emails, and other means.
Encryption is itself a type of security measure that makes it very difficult for a party to open a file or hard drive without having proper access. Many people encrypt their hard drives, for example, making it almost impossible for outside parties to gain access to the files unless the owner himself or herself unlocks the files.
The ransom is time-limited, meaning that if you do not pay within a given period of time, your files will be encrypted forever. It is very difficult to break encryption. Even spy agencies, such as the National Security Agency, have trouble breaking through encrypted files (though most types of encryption can be broken with the right expertise and resources).
The malware can be downloaded to your computer through ZIP files, PDFs, and various other types of files. Many users falsely trust some of these files when downloading them because the files are “non-executable”. Unfortunately, hackers do not need to use executable files to infect your computer.
Hackers use the Tor network and other methods to hide their identity. Forcing users to pay with bitcoin also helps to conceal the hacker’s identity, making it very difficult for people with compromised computers to take legal action.
The software and its variants go under a wide variety of names, such as CryptoDefense, but all function in a similar way: they gain access to a computer, corrupt registries, and take sensitive data hostage. The malware was first discovered in June of 2014, though a precursor called CryptoLocker appeared in September of 2013.
While bitcoin has been a net positive for the online community, the cryptocurrency’s anonymity makes the currency a great option for those engaged in illicit activities. From facilitating drug deals through websites such as the infamous Silk Road, to acting as an untraceable currency for ransoms, bitcoin has its advantages for criminals.