It’s a twist on a popular internet meme based on a phrase from the classic arcade game, Zero Wing. Only, in this case, it’s not a game. It’s your data – your files and documents. It’s your pictures and your videos. It’s your finances. It’s your life. It’s worth more now than ever to malware creators who go to great lengths to derive profit from it.
From mundane origins…
Malware has evolved over the years. In some of its original forms, malware was merely a nuisance—it might have caused your CD-ROM drive to randomly open or caused text on your screen to cascade into a pile of gibberish. It was sometimes intrusive and annoying, but it was easy to detect and easy to get rid of.
Malware creators got smart—they saw the potential for profit.Malware creators got smart—they saw the potential for profit. New waves of malware often exploited higher privileges to gain access to system files and settings. It became more difficult to detect and remove. Sometimes, it ironically disguised itself as legitimate software, such as antimalware, trying to compel you to pay for it to ‘clean’ your computer.
If that wasn’t good enough, malware evolution means victims aren’t given a choice—if you’re a victim of crypto-ransomware, for example (and you don’t have a backup of your files), your files are now encrypted. You’re not being scammed into paying for fake software. You’re being required to pay to get your files back. Even if you pay, there is still a good chance your files are lost forever.
This is nothing new—crypto-ransomware has been fairly prevalent for a few years now and continues to evolve. The havoc wreaked by newer waves of crypto-ransomware extends far beyond encrypting an individual user’s files. In corporate multi-user environments, all local files, even files belonging to other users on that system, are now being encrypted. Files on mapped/network shares, even unmapped shares, are being encrypted, as well.
New variants of crypto-ransomware appear to be re-writing master file tables (MFT) and sometimes employing full-disk encryption (FDE), as well. Instead of using a file mask to look for and encrypt specific files (such as JPGs, PDFs, Word docs and Excel spreadsheets) in a user’s profile, the entire drive—every block of storage—is now encrypted. In some cases, the ransomware replaces the bootloader, and the operating system will no longer boot. You’re just left with a message that you’ve been hacked, your files are encrypted, and you must pay.
Malware is big money.
The endgame remains the same—you have to pay. But, that’s evolving, too. As the timer counts down to the payment deadline, the price begins to increase. That means the longer you wait, the more you lose. The more you panic, the more the creator profits.
“That’s great, but I have a backup, and I back up all my company’s servers too, so I’m not worried.”
The endgame remains the same—you have to pay. But, that’s evolving, too.Crypto-ransomware has evolved beyond encrypting your files and drives. It’s now harvesting and uploading email addresses, usernames, passwords and other files to servers which the creator controls. Even if you wipe the affected systems out, remediate any and all infections, and restore your files, the creator might now have deeper access into your network and company than you originally thought.
While you don’t have to pay to get those files back, some of the harvested information might be worth more to a malware creator on the black market than a simple bitcoin payment from a victim. This is especially true in corporate environments where information may include not only usernames and passwords, but also information about personnel, payroll, and even intellectual property.
But, it’s not all doom and gloom. There are many ways to prevent malware and ransomware infections, and if needed, recover from them. As malware continues to evolve, so must our prevention and defense against it. Check out our article Ten effective ways to minimize the risk of ransomware, which includes tips, tricks, and guidance in preventing and defending yourself against ransomware and other malware attacks.