Ransomware’s Menace Goes Far Beyond Encryption

By on

Click to learn more about author Linus Chang.

It would be difficult these days to be unaware of the havoc ransomware can wreak. But most people’s image of “as bad as it gets” from this malicious form of malware is having your data encrypted and your money extorted in hopes that you’ll buy access to your files back. That’s bad, but believe me—when you’re hit by ransomware, it can get even worse than being asked to pay thousands of dollars in ransom fees. Here are some actual scenarios that have been known to occur when ransomware is involved:

Publicly releasing private data. There’s a horrible strain of ransomware called doxware that strikes by releasing all of its victim’s private and business information online if the ransom isn’t paid. This ups the ante from simply blocking your files and making them inaccessible thanks to encryption. Depending on what private information resides on your infected system, a doxware attack can result in yours and/or your customers’ name, address, financial information, and even medical records to begin circulating publicly on the Internet.

One level down from this but still a potentially harmful type of data doxing results in private chat conversations ending up in the public domain—and yes, your name (or your company’s or customer’s name) might be attached to it. Not only can you lose privacy around this sensitive information if this happens to your company, but you can also lose customer trust that may never be regained.

Extorting your credit card details. It isn’t always just a one-time payoff demand—certain ransomware strains increase the financial pain by requiring you to give your credit card number in order to get your data back. It certainly can feel worse to be bullied into sharing personal financial information with known hackers who operate on the dark web. If there’s an upside to this method, it’s that it may be easier to track down the crooks who are accessing your bank or credit card account, as opposed to more standard ransomware payment methods like gift cards or BitCoin.

Continuing to target you for ransom payments. Think you can breathe easy if you got through a ransomware attack by paying off the perpetrators? I wouldn’t. Many people and companies decide to pay the ransom but then find the hackers brand them as a repeat target, never leaving their system. Just when you think the nightmare is over, there they are knocking again, locking down your data and demanding another payment to get it back. Can you blame them? There’s nothing for them to lose except your data, and plenty to gain since you’ve proven yourself willing to pay to get it back.

Demanding that you infect others. Having your own private or business data encrypted is bad, but being told that you have to infect two other people in order to get it back is just terrible. This sadistic form of ransomware “pyramid scheme” isn’t just the plot of a third-rate Lifetime movie; it really exists. The difference is that instead of getting money back, you’re left to decide if you want to get your own data back enough to do so at other people’s expense.

Locking down emergency equipment. Also in the league of the most despicable things that ransomware makers have accomplished to date has been targeted attacking of healthcare facilities, including hospitals and emergency services. When medical organizations become victims of these attacks, the malware can interfere with vital and often lifesaving medical equipment, which disrupts everything from stalling scheduled surgeries and making equipment used by 911 respondents inaccessible. This type of cybercrime represents a new low in ransomware attacks, since as troubling as it is to have your business data locked down, it’s certainly much worse to experience interference with medical services and devices that can potentially save lives.

Requesting you to send nude photos. The 2017 ransomware strain (a blocker, not a cryptor) called nRansom shows just how far cybercrooks are willing to go to get what they want—in this case, it wasn’t money. nRansom required an unorthodox tradeoff in order to unlock your machine. Instead of a ransom fee, the ransomware required you to send 10 naked pictures of yourself, which you had to upload to an email address to regain access to your data. Victims were told that the compromising images would be sold on the Deep Web.

In case you thought you could get off the hook by sending an image that wasn’t yours, the attackers assured victims that the pictures would be verified as really belonging to their intended target before the victim would receive the code to unlock his or her device. Fortunately, nRansom ended up simple to defeat since the hackers picked a joke password of “12345.” Nevertheless, it proves the point that money isn’t always the worst demand that ransomware criminals can think up.

Deleting your files (even if you pay). Innocent victims of ransomware attacks often naively assume that if they pay the ransom fee, their data will be safe. Not so fast, though. More often than you might guess, the scenario occurs where someone pays up but has their files deleted anyway. This one-two punch is much worse than losing money or data alone, and it’s doubly frustrating because you’ve lost your files, and also depleted your bank account by forking over hundreds or even thousands in BitCoin or other payment to the perpetrator.

In other more common cases, ransomware threatens to encrypt your files if you don’t pay the ransom. This can happen tortuously one file at a time until you pay (as with the Jigsaw ransomware), or in one fell swoop, by wiping clean all the already encrypted data on your machine if you fail to remit the requested payment within the allotted time frame.

Subjecting you to terrible poetry. While arguably the least terrible tactic of the bunch, some ransomware strains will add insult to injury by reading you really bad poetry while you’re under attack. A good example is WhiteRose virus, which would make Walt Whitman spin in his grave:

“I do not think about selling white roses again. This time, I will plant all the white roses of the garden to bring a different gift for the people of each country. No matter where is my garden and where I am from, no matter if you are a housekeeper or a big company owner, it does not matter if you are the west of the world or its east, it’s important that the white roses are endless and infinite. You do not need to send letters or e-mails to get these roses. Just wait it tomorrow. Wait for good days with White Rose.”

The “poetry” session concludes with the even less poetic statement, “Download qTox and pay us our ransom.”

Encrypting your backups. You may think you have a secret weapon to protect you from ransomware damage if you keep backups and backup media for your files. And it’s certainly true that an important best practice to protect yourself from ransomware is to make regular backups of your data. This works great but only if you have a way to keep your backups uninfected. Today’s ransomware makers know that backups can foil them, so they’re known for figuring out creative workarounds to corrupt your backups as well, finding destinations even if they’re unmapped or worming their way into your backups despite air gapping, lying dormant without you even knowing it’s there.

Because of this possibility, the only real way to safeguard your data is to use a solution that is able to protect your backups and backup media from ransomware by stopping infected files from being backed up, and keeping your backups from ever being encrypted in the first place. If you combine this powerful type of backup protection with other defenses like antivirus software and firewalls, then you’ll finally gain peace of mind in the war against ransomware attackers.

Leave a Reply