Cybercriminals using ransomware to extort money from computer users have raised their game by adding highly complex encryption to the methods they use to lock down their victims' data.
According to the Sophos Security Threat Report 2013, the criminals have begun using public key infrastructure (PKI)-grade encryption that is often beyond the reach of security companies, which previously had little difficulty cracking the ransomware's encryption and building the recovery method into decryption tools.
"Within the last couple of months, we've seen more advanced versions of encryption with which we simply cannot just build a tool to get those files back," said Richard Wang, manager of SophosLabs. "This moves the emphasis towards recovering that data through backup and recovery, rather than through breaking the encryption. You could pay the ransom, but there's no guarantee that you'll get your data back, even if you do."
Dubbed "irreversible malware" by Sophos, the ransomware is typically delivered using standard drive-by download techniques, leveraging exploit kits like Black Hole.
Meanwhile, the purveyors of Black Hole may be getting much more marketing savvy. Wang says Version Two of their exploit kit is already deployed; it features fewer exploits than the original version and focuses on well-known attacks with a wide reputation for success. Premium packages are apparently being developed to support zero-day attacks and similar exploits that can command higher revenues. "I would expect to see things like newly announced vulnerabilities would likely be offered as part of a premium package," said Wang. "And then those things can go to the standard kit later, after they become more widespread."
Wang added that Sophos sees evidence of the Black Hole toolkit in roughly 27 percent of the exploited sites that they encounter on a day-to-day basis.
Criminal customers can also rent services from various organizations, specifying which malware they want delivered and commissioning paid professionals to handle the technical work.
"They've made it very easy for people with minimal technical skills ... to get malware distributed for cash," he said.