What Malwarebytes’ Adam Kujawa Wants You to Know about Ransomware’s Growing Danger
Malware first gained notoriety in 1999-2000 with the Melissa and LoveLetter infections. They caused enough damage to put the threat of malware on every computer user’s radar. Since then, malware technology has continued to evolve and disrupt computer operations across the globe.
In February of 2016, a Southern California hospital had to pay $17,000 and lost hundreds of work hours to one malware attack. Twelve hospitals were hit in 2016 alone.
Using ransomware (one of the most destructive malware types), cybercriminals steal money and data from everyone they can. It’s a war—and you’re the intended victim.
We spoke with Adam Kujawa, Head of the Malwarebytes Intelligence Team, about the state of ransomware use.
In a nutshell? "It’s getting crazy. Ransomware needs to be taken seriously. By everybody."
How Ransomware Changed the Malware War
We asked Adam for a 10,000-foot view of malware today, and of ransomware in particular. Adam said, "A few years ago, malware was about the cybercriminal vs. a computer. Now ransomware is about the cybercriminal vs. the user."
Cybercriminals realized they could make more money if they changed tactics. Instead of targeting computers, they started targeting you.
It worked. And according to Adam, it’s getting worse.
Where is Malware Going Now? In the future?
Adam pointed out that ransomware changes fast. So fast that its changes actually stay in step with tech trends. For example:
- You’ll find ransomware on PCs, Android devices, and Macs (see the Tech Tip below).
- Ransomware-as-a-Service? Yes. The ransomware waits on a darknet server and lets anyone, regardless of technical ability, launch ransomware on a target for a fee.
- It’s already targeting social media. Next up are cloud-based storage solutions, like Box, Dropbox, and Microsoft OneDrive.
- Ransomware creators even used tactics from the advertiser’s handbook! When security vendors like Malwarebytes look at exploit kit code, which is used to distribute the ransomware, they find it uses social engineering to identify the perfect targets. Then it uses psychological techniques to figure out the best method of attack.
Adam: "It’s designed to take greater advantage of our ever-connected lives."
The New Anti-Ransomware App
In the past, you had two options when ransomware hit:
- Pay the ransom.
- Wipe the hard drive & restore a non-infected backup.
Now we have a third option.
Malwarebytes has an Anti-Ransomware app in beta now. Adam said its development is proceeding well. "Customers who visited us at RSA [major security conference] asked about the ransomware tool. The first week, we pushed out 2 new versions, just from feedback from testers."
The app’s goal? To root out ransomware before it activates. "It works a little more like Malwarebytes Anti-Exploit. It looks for behaviors that specifically indicate ransomware infection. It asks, does this look like ransomware?"
"[The app] has come up with some false positives. But that’s an unfortunate side effect during development."
Once the Anti-Ransomware app is ready to go, Malwarebytes will fold it into their signature Anti-Malware app. "We want you protected as soon as possible."
What You Can Do to Stop Malware Getting In
With ransomware evolving so fast, protecting against it is critical. Prevention is definitely better than cure when it comes to ransomware.
Here’s a list of recommendations for stopping ransomware (and malware in general). These come from Adam as well as Vircom Security, McAfee, and the HotForSecurity Blog:
- Back up your data!
- Educate your users on the dangers of malware & ransomware and how to avoid them
- Use reputable and proven endpoint security, like Microsoft Forefront
- Filter EXE attachments out of incoming emails at the email server level
- Patch/keep software up to date
- Use popup blockers
- Install Malwarebytes software on every workstation (including mobile devices)
- Configure your firewalls against spam & phishing emails
- Harden all servers
- Use multi-factor authentication
- Secure your cloud servers as well
- Never use servers for Internet browsing
- If you do have an infected computer, remove it from the network immediately
The Most Important Protection: Educate Your Users
Asked what the biggest problem is with ransomware’s growth, Adam pointed to user awareness. "The user is both the strongest and weakest point in any computer system. You can stop it [malware], or you can bring it in."
The strongest protection against ransomware, then, is to educate your users. Malwarebytes recommends training employees on ransomware’s dangers: how to spot it, and how to avoid activating it.
They’ve provided a resource to help you train. It’s called Malwarebytes Labs: https://blog.malwarebytes.org/
The blog contains free resources for learning about malware & computer security. You’ll find announcements of new malware, threat profiles, how to spot malware by “family,” and more. Labs updates frequently, sometimes multiple times a day.
Should You Pay the Ransom?
The final question – What if you do get ransomware on your computer? Should you pay the ransom?
If you’re not running backups, then you either have to pay the ransom or lose your data. Having backups avoids having to pay.
But even if you don’t have a backup, Adam recommends you don’t pay. "Any instance where a victim pays the ransom encourages the use of ransomware. It reinforces that this is an effective way to steal money from people. Don’t pay the ransom."
"It’s bittersweet – that when you get attacks like the hospital, the attack happens in the first place. Criminals have no real morals when it comes to who they attack. At the same time, the attack’s gotten out in the media, and that’s what needs to happen."
Anti-Ransomware is coming. Meanwhile, check your backups.
The head of Malwarebytes Intelligence wants you to take ransomware seriously. If you’re online, for work or for personal use, you are a potential target.
Review your backups. Soon we'll have Anti-Ransomware to protect us. In the meantime, you'd either have to pay the ransom or restore from backup if you get infected. So make sure your backups are okay!
What protections does your business use against ransomware? Please give us your feedback at email@example.com.