A new ransomware? Why cybercriminals may be giving up on encrypting


ILLUSTRATION - Cybercriminals are changing the way they work, and regular backups are more important than ever. — Photo: Nicolas Armer/dpa

BERLIN: Cybercriminals have been building up their toolbox for attacking individuals and businesses in recent months, and cybersecurity experts say there has been a fundamental change in the way that encryption malware is operating.

Until now, most ransomware (malware designed to hold files hostage until the victim pays to get them back) encrypted the data on a victim’s computer or a company’s network and the cybercriminals then demanded payment to decrypt it.

However, a new kind of Trojan is increasingly being spotted, one that first copies your files and then destroys them, IT security experts say.

For users, the consequences of copy-and-delete malware remain the same: files are held for ransom. This is because the attackers only make money by returning the stolen data if you pay up.

They also often threaten to publish captured files in order to drive up the price, according to German tech industry website Heise Security.

The main reason for the new kind of malware is that encrypting data is costly and error-prone. In many cases, security researchers have managed to recover data without a ransom having to be paid because of flaws in the encryption.

In addition, encrypting large amounts of data takes a very long time and suspicious write operations or a high computing load on the computer may be noticed by the potential victim, who could possibly stop the encryption.

“Eliminating the step of encrypting the data makes the process faster and eliminates the risk of not getting the full payout, or that the victim will find other ways to decrypt the data,” says cybersecurity company Cyderes.

Only time will tell whether copying and deleting will replace encryption, or whether both types of attack will coexist in the future.

What is certain, however, is that regular backups on external storage drives remain the most important protection against this kind of extortion software. After all, you don’t have to “buy back” your data if you already have it backed up.

In addition to backups, the German Federal Office for Information Security (BSI) recommends three preventive measures: regular (preferably automatic) security updates for all devices, an active virus protection program, and never opening emails from unknown or dubious senders. – dpa
