Imagine someone obtaining your confidential data, such as the result of a medical appointment or pay stub, and threatening to publicly expose it if you don’t pay a “ransom”. Or the list of customers and information of a company blocked by a hacker, who will only return it if he receives a sum of money. This is what they call ransomware, a criminal practice that has been growing a lot in Brazil over the past five years, and even in a sophisticated way.
“Our teams started investigating and found that there has been a huge increase since 2012. Last year, the rise in ransomware families – families are different threats but with the same purpose – in Brazil was absurd, outside the standard”, says Franzvitor Fiorim , Trend Micro’s technical leader who was in Curitiba in 2017 to participate in an event on digital security.
In a survey conducted by Trend Micro with about 300 Brazilian companies in the second half of 2016, 51% said they had been the target of ransomware attacks, 56% admitted they did not have a technology for monitoring or detecting suspicious behavior and the sectors most affected were the companies linked to education (82%), government (59%) and retail (57%).
The increase in incidence, according to Fiorim, is the popularization of methods to apply the coup. “We noticed that in Brazil, as in other places, there is movement of criminals on the Deep Web. However, here the thing is more direct: there are even public profiles on social networks, with photos and personal information, of people selling courses on how to be a hacker and how to create a ransomware. They don’t worry about remaining anonymous. ”
Previously, criminals asked for ransom on transactions made through electronic payment Paypal and currently the vast majority use Bitcoin, which is an untraceable medium. The value usually varies between ¼ of Bitcoin up to 10 Bitcoins. “The price varies according to the day but is around R $ 1,200 (this week it reached R $ 5,000). And the attackers even include a video in the ransom request, explaining how Bitcoin works, all in Portuguese ”, highlights Fiorim.
Unfiled infections increase incidence in cell phones
The ransomware usually offers a link or a file, so you can enter your credentials or open an application capable of opening a breach for your device to be controlled remotely. This is how the intruder steals your data and encrypts it, with a key that only he comes to know.
Anyone who thinks the scam is an exclusivity of table machines is wrong
“Our samples indicate that 80% come from a URL, an address you click on and land on a malicious page, and another 12% come in emails, pretending to be a bank, a known person or a password retrieval over a network social ”, points out Fiorim.
But those who think that the scam is an exclusivity of table machines are mistaken. “There is an idea that desktop environments are more vulnerable. They are really vulnerable, regardless of the operating system – there are people who think that using Linux will be safer, but there is ransomware for Linux too. And don’t feel more secure using a cell phone, because many of the attacks encrypt data on these devices ”, comments the expert
In fact, carelessness with applications on mobile devices may be responsible for the great rise in this type of crime in recent years, especially for what experts have been calling “infections without files”. “We tend to associate threats, malware and viruses a lot with files. The current trend is for infections without a file: because of a bug in the software, a vulnerability in the application, the attacker can gain access to the machine and encrypt its data or commit illegal acts. ”
And what can we do?
“There is no single solution, a“ silver bullet ”, none guarantees 100% security. We have what we call layered protection: combating malware and viruses, measures against attacks in emails and applications, addressing vulnerabilities and specific defense. There has already been a case of targeted attack, in which a criminal knew exactly what he wanted to affect, ”says Fiorim.
Keep all software updates up to date
In Brazil, a market known for its high consumption of intermediate products, most users spend more than a year with the same smartphone, according to a survey by Ibope. So, keeping upgrades up to date is even more important so that ransomware does not spread so intensely in a mobile environment.
There are software to prevent and detect malicious self-executing files, it is possible to use offline storage to keep the most important data away from attacks via the web, such as a pen drive and external hard drives.
Some security companies and programs offer the sandbox service, which is a controlled virtual environment for testing suspicious content. Cloud and machine learning solutions have also been used. “Often, a criminal creates a threat for just one company, so teams and security measures have never seen that kind of problem. This is where detection and the events correlated by machine learning come in can help a lot in these cases. ”
Reporting and education make a difference
Reporting and reviewing legislation are also alternatives to combat ransomware. “It is important that there is a complaint, so that the police look for these hackers. The police report will help to increase the investment made in this type of investigation. We also need to improve legislation to more critically penalize those who commit this type of crime. After all, this is an extortion crime that starts in the digital environment and affects the physical environment. ”
And, for now, the greatest weapon against scammers is the education of users. “The percentage of complex threats is small. The vast majority of attacks come from variations made from simple codes, from criminals who learned to program languages in college or even are self-taught and try to create some malware ”, reveals Fiorim.
The vast majority of attacks come from variations made from simple code
“The most effective solution is user education. We cannot blame you for having your data stolen. We need to better train company employees and create awareness campaigns so as not to click on content or download unknown files. ”