2016 was the year of ransomware – 146 new families of these perfidious malware were discovered. The year before, it was just 29. The malicious programs earned the cybercriminals an estimated worldwide profit of around one billion dollars in 2016. Logically, the criminals expanded their sphere of influence: Until recently, Windows PCs were hit primarily by attacks with ransomware, now hackers are also targeting Macs and Linux PCs. More recently smartphones or tablets with an Android or IOS operating system became a target, too.
The reason is simple: Macs are becoming more and more “normal”, which is why the proportion of Apple computers in the internet is getting bigger. The same applies to Linux machines. And almost everyone has a smartphone today.
So far, you could feel safe as a Mac or Linux user. Windows has always been in high risk: Viruses, worms or Trojans for the two other systems – which, like smartphones, are also based on the UNIX operating system – were hardly known until recently.
Macs are still more secure than Windows PCs
Mac users are currently still far less vulnerable than Windows users, as the spread of ransomware on the Mac so far requires a manual intervention of the user. But it will certainly come to that, that attackers find a more efficient way of dissemination. Then mac OS could be just as vulnerable as Windows. Although the malware “Patcher” was recently discovered as an application for cracking popular software, the program is quite bumpy. So the code is missing lines for the communication with a C & C server, so in the case of an infection the affected person cannot pay the demanded ransom, his data remains encrypted.
More dangerous is “KeRanger,” which attacked about 7,000 Macs in 2016 – and even hit time-machine backups. A quick intervention by Apple prevented worse then, but the successful malware program will certainly follow more. It is therefore important – as it should generally be the case – that the backups should be stored on a storage medium that is not connected to the internet or the network.
Cybercriminals are also interested in Linux machines
Ransomware is currently an absolute exception for Linux systems. A pest discovered by security researchers is a Linux variant of the Windows malware “KillDisk”. However, this malware has probably attacked only financial institutions or critical infrastructure in the Ukraine. Another problem here is that the decryption key that is generated by the program to unlock the data is not stored anywhere – possibly encrypted data cannot be unlocked, whether the ransom is paid or not. Soothing is that the data can still be recovered, however, albeit at great expense.
The Linux pedant to “KeRanger” is called “Linux.Encoder.” This malicious program originally came from an open source ransomware project and is relatively easy to comprehend because of its bumbling programming – accordingly, the chance of getting his data back is great. But here, too, one will have to deal with improved versions in the future. At the moment, the situation is still pretty relaxed.
Most interesting for hackers: the smartphone
Almost everyone today has a small pocket computer in his pocket – his smartphone. And on it often a variety of private and business data whose hostage-taking is interesting for hackers is stored upon.
However, the infection with the malware does not happen incidentally, the user of the phone must actively participate and independently, for example, load a contaminated app on his device. However, not everything is lost then. In the safe mode of the smartphone, apps can be uninstalled – with luck, the buggy program. If that does not work, the use of special removal tools is a possible solution – or resetting to factory defaults, which will erase all stored data.
Although the manufacturer of the smartphone operating system Android – Google – reacts quite well to known malware problems, however it still may take some time for the device manufacturers to incorporate the updates into their own brand-specific operating systems and then deliver them to their customers.
IPhones are better off. The previous reports about surfaced ransomware were not completely correct, mostly what happened were just pseudo-ransomware attacks or simple error message spam. The reason for the much better performance compared to Android phones is on the one hand that Apple does not work with open source software and on the other hand that Apple reacts very quickly to possible problem areas and provides its customers with updates – without having to take the long way via external companies. However, even with Apple smartphones it cannot be ruled out that the situation changes to the negative.
Therefore, it is recommended – as with all computers – to create frequent backups of precious data. Thus, in the case of a case, the device can be set up with not too old data – and the blackmail runs into the void.
In the case that your backup or the backup system did not work and your find your data being attacked and encrypted by a ransomware, you should contact a data recovery service provider like Kroll Ontrack immediately. Remember not try out any self-data recovery methods you might find on the internet. Better stop working, shut down your effected device and sent it in the data recovery laboratory. The experts will check what has happened and will decide for the best way to regain your data.
Picture copyright: pexels.com
Michael Nuncic is Marketing Communications Manager at the German Ontrack Data Recovery office in Böblingen for more than 5 years. Highly experienced in computer, network and software topics, he is a professional editor for blog and technical articles for almost 20 years now.