Beware 'Irreversible Malware,' Increased Attacks On Apple OS X

By Ken Presti, CRN 9:00 AM EST Tue. Dec. 04, 2012

Cybercriminals using ransomware to extort money from computer users have raised their game by adding highly complex encryption to the methods they use to lock down their victims' data.

According to the Sophos Security Threat Report 2013, the criminals have begun using public key infrastructure (PKI)-grade encryption, which is often beyond the reach of security companies; previously, those companies had little difficulty cracking the ransomware's encryption and building the recovery method into their tools.

"Within the last couple of months, we've seen more advanced versions of encryption with which we simply cannot just build a tool to get those files back," said Richard Wang, manager of SophosLabs. "This moves the emphasis towards recovering that data through backup and recovery, rather than through breaking the encryption. You could pay the ransom, but there's no guarantee that you'll get your data back, even if you do."


Dubbed "irreversible malware" by Sophos, the exploits are typically delivered using standard drive-by techniques, leveraging toolkits like Black Hole.

Meanwhile, the purveyors of Black Hole may be getting much more marketing savvy. Wang says Version Two of their exploit kit is already deployed; it features fewer exploits than the original version and is more focused on well-known attacks with a wide reputation for success. Premium packages are apparently being developed to support zero-day attacks and similar exploits that can command higher revenues. "I would expect to see things like newly announced vulnerabilities would likely be offered as part of a premium package," said Wang. "And then those things can go to the standard kit later, after they become more widespread."

Wang added that Sophos sees evidence of the Black Hole toolkit in roughly 27 percent of the exploited sites that they encounter on a day-to-day basis.

Would-be distributors can also rent services from various organizations, specifying which malware they want delivered and commissioning paid professionals to handle the technical work.

"They've made it very easy for people with minimal technical skills ... to get malware distributed for cash," he said.


The Sophos Threat Report also foresees increased attacks on the Apple platform and, most notably, OS X.

"Over the last 12 months, however, especially with Morcut and Flashback, we see the OS X malware authors are catching up with the technology of the Windows authors and using those techniques very successfully against an audience who is not really expecting to be vulnerable to those kinds of attacks," Wang explained. "As OS X moves more deeply into the business sphere, we will see even more attacks. Some people truly prefer Macs, and the bad guys are aware of that too."

Wang added that securing the Mac carries many of the same requirements and practices as securing a Windows PC. "It means anti-malware software; it means making sure you have the right firewalls in place and keeping your browser plug-ins up-to-date and eliminating excess plug-ins such as Java, if you don't need them. The number of attacks is much lower right now, but the style of attacks and the way they work are broadly very similar. I also think we have seen a softening of Apple's PR stand about malware on Macs. And I think ultimately that's going to be a good thing for the users because pretending that the problem does not exist is not really helping anybody."
