Don't negotiate on ransomware

Ransomware is a relatively recent form of malware that has been growing in prominence over the last decade. Many Australians may remember the recent hacking of apple devices as a particularly high profile example.

Traditionally, ransomware (the name coming from malware that holds your system to ransom) unashamedly infects your system, locks you out of your computer or phone, and demands that money be paid to the hacker in order to restore the owner’s control of the system. In late June, a new form of ransomware called “Koler” was spotted in Russia, targeting Ukrainians, before moving to the US, and finally to Australia.

The ransomware was distributed through pornography websites, and would try to lock your screen to prevent you from being able to use your device. Previously, most ransomware attacks were quite blatant about the fact that they have illegally hacked a device.

However, Koler is more sophisticated. It pretends to be a message from an official source, particular to the target’s country. In Australia, it showed an Australian flag, with the names “Australian Communications and Media Authority” “AFP Crime Commission” and “Royal Australian Corps of Military Police” displayed like a letterhead. Instead of demanding a ransom, it instead claimed that the user’s phone or tablet had illegal pornography on it, and they must pay a fine.

This evolution from brute force to using trick tactics has left many users concerned. As ransomware begins to become more prevalent, particularly on mobile devices, there are three steps that users should keep in mind, lest they become infected themselves.

Keep your phone protected and back it up regularly

Both Android and Apple have made it very easy to store all of your data in the cloud, meaning that it’s not lost if your device is lost, stolen or hacked. Android users can automatically sync contacts, apps, images, and video content with a Google account. Apple users have a similar option with the Apple iCloud, which gives 5GB of free storage. For the best protection, set this to run every day.

Most security vendors provide free anti-malware software to protect your phone, which you can use to scan a file before downloading it. In addition, you can use this software to wipe any malware from your system.

Monitor and assess downloads

Most pieces of malware are what are commonly known as “Trojans”. Some of which may require a user to actively install and execute the application for them to take effect. While most people know not to download banner ads, Trojans have evolved to mimic innocent apps, often under the guise of a Facebook, Twitter, Adobe or Java update. When a user downloads these updates, they have unintentionally installed the malicious software on their device. In the case of Koler, the malware pretends to be a downloadable video. Videos should only run through verified video players, or better yet, verified apps themselves.

All app downloads from your phone should launch through the Apple App or Google Play store. Even if you are using a mobile web browser, clicking on a reputable download should take you to the official page to update or install the application. Any downloads that do not run through this system should be treated with suspicion. Look at the download count and comments on the app before you download it. If the app only has a handful of downloads with negative feedback, consider whether this is safe for your device.

Don’t panic and pay

Even the best security professionals can be stung by malware, so it’s vital that users can identify it when they see it. Often, people will panic and pay, losing hundreds of dollars to scammers. With attacks such as Koler using sophisticated tactics, posing as official sources, remember that organisations which involve the regular transfer of money, such as online shopping sites or banks, have disclaimers littered throughout their collateral stating “no member of our staff will ever ask for your password or request money”.

On the more threatening end of the spectrum in terms of tactics, some forms of ransomware will actually take a photo of the user from their forward facing camera, to add an extra level of fear. Again, it’s important not to panic when faced with this type of demand. In truth, there is very little that a hacker can do to your device at this point, aside from try to blackmail users to pay. The best thing to do at this stage is use your anti-malware software to remove the ransomware from your system or migrate your information to another device.

The reality is that many people are logged into multiple devices simultaneously and have a lot of personal data on their devices, so being secure online is of paramount importance. Many companies are implementing device security policies, but neglect to address ransomware.

Due to the fear factor imposed by these malicious applications, it’s vital for both businesses and individuals to understand the applications, and implement a contingency plan to remove the fear and uncertainty that comes with this type of attack. Sometimes a simple discussion about security can make the world of difference to your peace of mind.

Sieng Chye Oh is a security researcher at cybersecurity company ESET.