Small and medium-sized companies are being advised to back up data if they want to avoid the risk of ransomware — the use of malicious code to hijack user files, encrypt them and then demand payment in exchange for the decryption key.
Security specialist Kaspersky Labs on Monday warned that the encryption algorithms used by cybercriminals are becoming increasingly complicated, foxing antivirus companies.
"There's a potential situation where antivirus companies won't be able to decrypt the files," said David Emm, senior technology consultant at Kaspersky UK. "Within a corporation, the IT department normally backs up files. The danger is where attacks are launched at smaller businesses [without IT departments] and individuals."
Trojan horse programs can be sent out as spam or hidden on malicious sites. Once a machine is infected, files are either encrypted individually or grouped together and locked in a password-encrypted folder.
Strong algorithms such as RSA public key encryption, one of the most popular technologies, are increasingly being used by criminals to foil the decryption techniques used by antivirus companies.
Since January, Kaspersky has seen an increase in the strength, from 56 to 660bit keys, of the encryption being used by hackers to lock files. "Virus writers' attitude to date is that encryption only needs to be strong enough. It's alarming that we're now getting onto the level of serious encryption," said Emm.Kaspersky claims to have seen an increase in the amount of ransomware, but says it has not seen an epidemic."It seems to have been escalating, but it's just one weapon within their arsenal," said Emm.
Antivirus vendor Sophos said that businesses should not have a problem with ransomware, as their files will have been backed up.
"If your data is backed up, you can recover," said Graham Cluley, senior technology consultant for Sophos.
For Sophos, a bigger problem is "filenapping". Once a machine is infected, all files and information are copied and wiped from the original system. A victim must then pay a ransom to recoup their filenapped data.
Sophos said it was not seeing "a tidal wave of activity", but confirmed that encyption algorithms used are getting more sophisticated.
Last month Greater Manchester Police decided not to pursue the criminals who used a Trojan horse program called Archiveus to lock a Rochdale woman's files and demand a ransom to release them.
Talkback
Ransomware dates back all the way to dBase files. There used to be a worm that tried to spread and encrypt databases without you noticing it until after a while it stopped decrypting. Nothing new there. What is new are the targeted attacks. Custom made attacks, not likely to be detected (could even be an inside job), just for you.
A real new trend is DRM however. That encrypts stuff as well. Gives you less rights then you had before but you pay more for it. As well as increase your risks. And worse then crackers it has almighty multinational marketing machines behind it. Somehow that seems to make our politicians blind and deaf.
Interesting that even though the contents of the PC were maliciously "changed", the police don't consider this real crime to be worth pursuing, yet TB allowed a chap to be extradited to the US for just looking at files on an insecure system.
Obviously IT Crime is OK provided you don't upset an American.