FTC Explores Ransomware Threat, Offers Practical Tips to Protect Your Data

Published: Sep. 13, 2016

Updated: Oct. 05, 2020

As part of its Fall Technology series, the FTC hosted a public workshop on the growing threat of ransomware. Ransomware is a type of malware that infects computers and prevents or limits users from accessing their systems until the user pays a ransom. The system impediments deployed by ransomware can include locking the system’s screen, locking the user’s files, or encrypting some or all of the computer’s files.

Ransomware infections primarily occur through one of two vectors: email attachments that the target is convinced to open and execute, or malicious advertisements placed on websites through ad networks. Placing malicious ads, known as malvertising, exploits the trust consumers place in the websites they visit every day.

Chairwoman Ramirez opened the workshop with a keynote that explained why ransomware is such a fast-growing and pervasive threat. First, the Chairwoman noted that ransomware infections have escalated in recent months, fueled in part by the availability of bitcoin to pay ransoms and by the ever-increasing importance of electronic documents, images, and movies to consumers. Next, ransom payments have funded the development of new versions of ransomware, which now seek out and encrypt network drives or target mobile devices. Another new tactic the FTC has observed is the evolution from bulk spam emails to targeted spear phishing attacks. This evolution may be driven by the increasing resources available to teams, the realization that some targets may support greater payments than others, and, perhaps most importantly, the increasing sophistication of spam filters.

The first panel of the afternoon featured several security experts who discussed the technical exploits utilized by ransomware and explained the proliferation of “Ransomware as a Service,” in which ransomware authors have begun to “commercialize” their software and use affiliate marketing methodologies. One industry panelist explained how Bitcoin has played a key role in the proliferation of ransomware, and predicted the growth of ransomware worms which target enterprises.

The later panels focused on defenses and what to do if you become infected. The panelists generally agreed on the most effective techniques to mitigate the risk of infections, including the following:

  • Users should take care to patch and update software, and make regular backups.
  • Any backups should be stored on offline media in order to thwart ransomware attacks that seek out and encrypt backups.
  • Users should be educated on good practices, such as not opening unexpected email attachments, and not enabling office macros for unknown documents.
  • Network operators should stay up-to-date on threat intelligence information and try to block their users from reaching websites known to host malicious software that could attack and encrypt users’ devices.

An FBI panelist encouraged users who become infected to not pay ransoms because this funds further development of new variants. The panelist requested that all users, even those who pay to unlock their files, share with the FBI or local law enforcement the bitcoin wallet address to which they sent ransom payments. The panelist also cautioned against expecting files to be unlocked on payment of ransoms, noting that decryptions may fail, organizations may not act in good faith, and payment demands may escalate.

The overarching theme of the day was to be prepared: review backup policies, make mitigation plans ahead of time, and know what resources and software your organization is responsible for so that you can mitigate your risk.