Imagine for the moment that it is Saturday morning. It is a time to get caught up on personal matters at home on your trusty laptop. You spot an innocuous FedEx email that mentions an undelivered package, so you click on the link to get the details. Your screen shudders, and your PC gets sluggish for a moment, but you think nothing of it. After checking your other emails, you click on your MT4 icon to review your past week’s trades, and “BAM!” Your screen is replaced by a “skull and crossbones” image with the message, “All of your files are encrypted. They will be lost forever unless you make a ransom payment of $2,400 within the next 72 hours.”
How would you react to this chilling message? One real victim’s response was, “The trauma you feel when you understand what’s happened to you is overwhelming. What they had taken was irreplaceable: 20 years’ worth of my financial and personal files and every photo taken of my wife and me during the 16 years we’ve been married.” What would you do? Would you pay the ransom? You may not get the “key” to re-open your files, and you might even prolong the nightmare by letting the crooks know that you were willing to pay up. Extortion rarely stops with the initial request for a ransom.
Welcome to the world of ransomware fraud, one of the fastest growing threats on the fraud cyber-radar screen. According to security experts, “Ransomware has spread with terrifying speed. This type of malware—short for “malicious software”—accounted for fewer than 2% of emails with malicious links or attachments in the fall of 2015, according to PhishMe, a cybersecurity firm. By last fall, ransomware’s share had zoomed to a shocking 97%. Total ransomware losses in the U.S. hit $1 billion in 2016, up from $24 million in 2015, the FBI estimated.” The FBI has clarified that these estimates are for total implied losses, not “reported losses”, which can be significantly less.
We can always quibble about the top-end numbers, but there is no debate about how quickly this fraud scheme has spread across the globe. Consider these sobering comments from Bill Conner, President and CEO of SonicWall:
“Ransomware is on the rise. We saw that attacks grew 167 times over, from 4 million in 2015 to 638 million in 2016. Victims typically download ransomware by opening an infected email attachment or clicking a compromised pop-up, triggering malicious code. From there, a sequence of events unfolds that locks down the victim’s device and displays a message listing demands that must be met in order to regain access. In the first quarter of 2016, companies paid an estimated $209 million in ransom, and the number of attacks grew from 30 million to over 260 million by the fourth quarter.”
Is the foreign exchange industry at risk?
We have noted in previous articles that cyber attacks on British financial services companies have escalated. Crooks are not dummies. They know to attack where the money is, and London is the forex capital of the world. As one security professional noted, “UK businesses are among the hardest hit by ransomware in the world. Fifty-four per cent of UK respondents were attacked by ransomware in 2016. UK businesses were also much more likely to pay up – almost 60 per cent compared to a survey average of 37 per cent.”
What are the weak points in our industry: “The FX industry is so multi-faceted that the need for cybersecurity exists in many specific areas such as the electric payment processing sector, the safeguarding of client funds in online trading accounts and the actual access to trading accounts themselves in order that trades can be opened and closed. This year, ransomware continues to be a bugbear that most online trading firms and e-commerce entities should be aware of. This, according to many internet security specialists, continues to develop in sophistication and will likely become a worse problem in 2017 than it was last year.”
How can this problem manifest itself? You may be totally unaware of attempts to extort your forex broker, if it has already been compromised. There have already been several incidences where Chinese hackers have openly extorted major forex brokers in the past year, but the problem is quickly extending down to the trader level. “Brokerages, IBs and their clients should be very wary of emails which prompt them to update their passwords. For clients, these could be trading account access passwords, for IBs they could be portal or CRM passwords and for brokers they could be back office passwords.”
What exactly is the Ransomware threat?
Per one online information source, “Ransomware is computer malware that installs covertly on a victim’s device (e.g., computer, smartphone, wearable device) and that either mounts the cryptoviral extortion attack from cryptovirology that holds the victim’s data hostage, or mounts a cryptovirology leakware attack that threatens to publish the victim’s data, until a ransom is paid.” The first extortion attempt on record occurred in 1989 and went by the name of “PC Cyborg”. Fast forward to 2013, and the encrypting ransomware surge took hold of the globe with the advent of “CryptoLocker” and its many copycats. Symantec now classifies ransomware as the “most dangerous cyber threat.”
A more straightforward definition is, “Ransomware encrypts the files on a computer, essentially scrambling the contents of the file so that you can’t access it without a decryption key that can correctly unscramble it. A ransom is demanded in exchange for the decryption key. The ransom fee is usually around USD 300 to USD 500 for a computer, and payment is often demanded in Bitcoins, a virtual currency that is difficult to trace.” A ticking clock may also be deployed to add pressure, but actual ransom amounts may vary widely. Brokerages have been known to pay six-figure amounts to remain operational.
How do the crooks infiltrate my PC or my broker’s network?
From a personal perspective, ransomware cannot proceed without access to a network or device. Today’s criminal is very clever in this regard and has crafted several “sneak attack” methods to achieve his objective. According to survey data, more than a majority of the tricks involve phishing email, designed to lure you to click on mal-ware bearing links or attachments. Once again, the experts tell us that, “Cybercriminals are getting better at creating content that can fool users and bypass detection technologies.”
Have you been tempted to click on an ad on a respectable website? In a multitude of documented cases, crooks have also embedded ransomware in what is now termed mal-vertising. These ads bypass detection and have been found on such sites as the New York Times, the BBC, Realtor.com and NFL.com. Fraudsters are also adept at hiding ransom software in web content, which may take the form of photos, videos, or even comments on a blog. The message is clear – Be wary of ads, pop-ups, and links.
What should I do after I am infected and receive a ransom request?
If you think law enforcement will help you, they have their hands tied, too. According to Leo Taddeo, a former FBI agent now with Cryptzone, “By using Bitcoin and communicating with victims via the anonymizing Internet network known as Tor, criminals who make money from ransomware are difficult to trace. Many of them are based in Russia or some Eastern European countries from which extradition to the U.S. is difficult.”
If you are a victim, is your world over as you know it? Believe it or not, you do have options. Most every expert advises that you do not pay the ransom, although paying may be a quick solution. The crooks, however, may take your money and run, leaving you high and dry, and then pass your name onto others to strike again. If you plan ahead and back up your files on a remote device, then you could be back up in short order.
There is also the possibility of decryption tools being available online for older versions of ransomware, which are not the newer versions. Look for a name on your screenshots or emails. You might be able to find a decryption tool after an online search and decrypt your own files. You might also be lucky to be the victim of a “low-tech” crook. For expediency, he may only scare you with a threat, but never deploy the full capabilities of the ransomware. If you can re-boot without incident, then the threat may be a fake.
What are the best prevention measures to employ?
There is only one way to avoid ransomware – Never get infected by it. That advice is easier said than done. Changing passwords frequently is always a good thing, but experts list these five tips, as well:
1) Always maintain a robust security protection solution on your devices. It is important to keep current with your selected solution since new threats are popping up daily, whether the latest virus or ransomware variant;
2) Bank up your files on a remote device or have a service do it for you. Backing up on a flash drive can be helpful, but remember to disconnect the drive from your PC or it will be swept up along with your other files;
3) Make sure that you are using the latest operating software on your devices, as well, since crooks are always probing for weaknesses on outdated versions;
4) Always be wary of email attachments, especially Zip files and Microsoft Office items (Word, Excel, and PowerPoint). If you are not familiar with the sender or the branding on the email does not look legitimate, do not open any attachments;
5) Browser plug-ins are additional problem areas. Commonly compromised ones include Flash Player and Silverlight. You may have to go to your security settings to disable these add-ons.
Make no mistake about it – Ransomware is the most pervasive fraud threat on your cyber horizon, but we are not alone: “Organisations from many industries have recently fallen victim to the increasingly popular cyber threat known as ransomware. Financial institutions, government agencies, hospitals and more have all been targets of this type of malware.” Individuals and business, alike, are susceptible to this new crime wave.
The reason is obvious. Ransomware now offers crooks the swiftest path to monetization of illegally gained personal data or device access. If you have not been caught in a crook’s crosshairs, consider yourself lucky, but time is not on your side. Heed the advice given, plan ahead, and remember that to be forewarned is to be forearmed!