Of Cryptoviruses and Hope for a Cure From Malwarebytes

If you’re in a rush, skip on over to the official security blog at Malwarebytes for the original post on this possible anti-ransomware breakthrough. It is early news about a beta-release tool, not yet ready for prime time, but it could be a ray of hope for law firms that live in fear of infection by the most dreaded of malware variants: the cryptovirus.

I feel this may be a particularly good sign for small firms that cannot afford active threat-protection services from premier providers. If average users can rely on standard anti-virus tools, that offers peace of mind to the average law firm at a practical price.

From cryptoporticus (n. 1581, a subterranean passage) to cryptolect (n. 1982, a secret language used by a particular group of a community), the Oxford English Dictionary has about 100 entries built on the combining form crypto-, which comes from the Greek word for something hidden or concealed. Surprisingly, although the OED publishes four updates every year (in December 2015 bankster and firewalling were added), cryptovirus has yet to find its place in the official lexicon.

It is a term, mind you, that lawyers may ignore only at their peril.

A cryptovirus is a variety of ransomware (itself a class of malware) that infects a computer’s file system and encrypts the files it finds there, so that the legitimate user can no longer open them without the decryption key, which only the attacker holds. There are a plethora of known ransomware “families” (the diversity of code being evidence that this is a lucrative business for cyber criminals), representing many more variants than in the early days of CryptoLocker, which has become something like the Kleenex of the ransomware world: a brand name now used indiscriminately for the whole category.

Infection is, needless to say, terrifying for a law firm. Dan Pinnington of www.avoidaclaim.com has posted, and continues to post, to Slaw about the havoc cryptoviruses can bring to a law firm. A year ago the Law Society of BC released an alert specifically about an extortion attempt that failed (thanks to good data backup practices) but which nonetheless prompted the victim firm to pay a ransom. Payment methods are usually chosen to be hard to trace (bitcoin, which is pseudonymous rather than truly anonymous, or simpler still a PaySafeCard, which leaves only a faint money trail). Compliant victims are sold on the hope of getting a key back to their data, but much like the fate of a hostage in the analog world, the outcome of a paid ransom is never assured.

Now the company Malwarebytes reports:

Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.

These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1.

This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before.

This is heartening news—and hopefully not naive—since frightening things can be found in McAfee Labs’ 2016 Threats Predictions related to cryptoviruses:

Ransomware will remain a major and rapidly growing threat in 2016. With upcoming new variants and the success of the “ransomware-as-a-service” business model, we predict that the rise of ransomware that started in the third quarter of 2014 will continue in 2016.

In 2015 we saw ransomware-as-a-service hosted on the Tor network and using virtual currencies for payments. We expect to see more of this in 2016, as inexperienced cybercriminals will gain access to this service while staying relatively anonymous.

Although a few families—including CryptoWall 3, CTB-Locker, and CryptoLocker—dominate the current ransomware landscape, we predict that new variants of these families and new families will surface with new stealth functionalities. For example, new variants may start to silently encrypt data. These encrypted files will be backed up and eventually the attacker will pull the key, resulting in encrypted files both on the system and in the backup. Other new variants might use kernel components to hook the file system and encrypt files on the fly, as the user accesses them.

The groups behind most current ransomware campaigns are going for “fast cash,” by using spam campaigns and exploit kits such as Angler, and targeting wealthy countries in which people can afford to pay the ransom. While we expect this to continue in 2016, we also foresee a new focus on industry sectors including financials and local government, which will quickly pay ransoms to restore their critical operations. In fact, we have already seen criminals be quite effective in attacking these sectors. Usually only Microsoft Office, Adobe PDF, and graphics files are targeted; in 2016 we predict that other file extensions typically found in business environments will also become targets. Attacks will continue on Microsoft Windows. We also expect ransomware to start targeting Mac OS X in 2016 due to its growing popularity.
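Two of the points above are easier to see in working code than in prose: the definition earlier in the post (the files are rewritten as ciphertext that only the holder of the attacker’s key can reverse) and McAfee’s scenario of silent encryption reaching the backups. The following is an added example written for this page, not code from Malwarebytes, McAfee or any ransomware family. It assumes a stand-in stream cipher (SHA-256 in counter mode, chosen only so the output looks like ciphertext; real families use AES and RSA), three constructed sample documents, and a constructed attacker key. It shows the lifecycle on an in-memory “file system” and the one check a backup job can make to avoid overwriting readable copies with encrypted ones: readable documents score roughly 4 to 5 bits of entropy per byte, ciphertext close to 8.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.0   # bits per byte; documents sit well below, ciphertext near 8


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input).
    Readable text scores roughly 4 to 5; ciphertext or random data scores close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def toy_stream_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the file cipher a cryptovirus uses (assumption: real families use
    AES/RSA; this SHA-256 counter-mode keystream only needs to make the output look
    like ciphertext). XOR is symmetric, so the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(p ^ k for p, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def looks_encrypted(data: bytes) -> bool:
    """Content-based test: does this blob have the entropy profile of ciphertext?"""
    return shannon_entropy(data) > ENTROPY_THRESHOLD


def ransomware_run(files: dict, attacker_key: bytes) -> dict:
    """What the malware does: rewrite every file as ciphertext. Only the holder of
    attacker_key (the criminal, not the victim) can reverse it."""
    return {name: toy_stream_cipher(attacker_key, body) for name, body in files.items()}


def scan_for_encrypted_files(files: dict) -> list:
    """Names of files whose contents now look like ciphertext, in sorted order."""
    return sorted(name for name, body in files.items() if looks_encrypted(body))


def rotate_backup(previous: dict, current: dict) -> tuple:
    """Backup rotation that refuses to overwrite a readable copy with one that has
    turned into ciphertext, keeping the last known-good generation instead.
    Returns (new_backup, sorted names that were refused)."""
    new_backup = {}
    refused = []
    for name, body in current.items():
        old = previous.get(name)
        if old is not None and not looks_encrypted(old) and looks_encrypted(body):
            new_backup[name] = old
            refused.append(name)
        else:
            new_backup[name] = body
    return new_backup, sorted(refused)


# Constructed sample documents (not real client files), repeated to a realistic
# size so the per-byte entropy estimate is stable.
SAMPLE_FILES = {
    "retainer.docx": b"This retainer agreement is made between the firm and the client. " * 40,
    "closing.pdf": b"Statement of adjustments for the closing on the subject property. " * 40,
    "ledger.xlsx": b"trust,2016-01-04,deposit,1500.00,client 0042\n" * 60,
}
ATTACKER_KEY = b"held-only-by-the-extortionist"  # constructed; never known to the victim


def demo() -> dict:
    """Run the lifecycle end to end and return the observations the post describes."""
    clean_backup = dict(SAMPLE_FILES)                  # backup taken before infection
    infected = ransomware_run(SAMPLE_FILES, ATTACKER_KEY)
    naive_backup = dict(infected)                      # backup job that copies blindly
    guarded_backup, refused = rotate_backup(clean_backup, infected)
    recovered = {n: toy_stream_cipher(ATTACKER_KEY, b) for n, b in infected.items()}
    return {
        "flagged_on_disk": scan_for_encrypted_files(infected),
        "flagged_in_naive_backup": scan_for_encrypted_files(naive_backup),
        "flagged_in_guarded_backup": scan_for_encrypted_files(guarded_backup),
        "refused_by_guard": refused,
        "key_holder_can_decrypt": recovered == SAMPLE_FILES,
    }


if __name__ == "__main__":
    for observation, value in demo().items():
        print(f"{observation}: {value}")
```

The naive backup ends up holding exactly the ciphertext the McAfee passage warns about, while the guarded rotation keeps the readable generation and reports which files it refused. An entropy threshold is a coarse check (genuinely compressed or already-encrypted files such as zip archives will trip it), so in practice it belongs alongside file-type and extension checks rather than replacing them.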

– Find Nate Russell on Twitter
