Ransomware is considered by most to be one of the biggest threats to individuals and businesses today. The basic way that ransomware works is that a computer is infected through normal channels (email links, corrupt websites, etc.) and the software takes all the files (including pictures, documents, videos, etc.) and encrypts them using advanced encryption methods. Once the files are encrypted, the software notifies the user that all their files have been encrypted, and that they will only be given the key to decrypt them if they pay a ransom.
Unlike other types of virus or malware that use the computer’s processing and can therefore be removed without too much trouble, the encryption done by ransomware can’t be undone by an anti-virus or anti-malware program. If the users have backups of their files, they can format their PC and restore their files. Sadly, however, most people do not have this type of backup done. This means that users are forced to choose between either losing all their files, or paying the ransom.
While there are no guarantees that paying the ransom will actually get your files unlocked, most of the cyber criminals conducting this type of activity have actually been delivering on their promises. From a marketing point of view, it makes sense. If people are confident that they will get their files back, they are more likely to actually make the payment.
This ransomware issue has gotten worse recently, and research that was conducted by Check Point Software Technologies is helping to show just how bad it really is. Specifically, they looked at a ransomware affiliate network that actually pays people to infect users. The network works just like traditional affiliate networks where the developer of the software (in this case, Cerber malware) gets a portion of the money made, and the individual who gets computers infected and does the rest of that type of ‘work’ gets the rest.
The affiliates who do the actual infecting have access to a modern dashboard where they can keep track of their earnings, how many people they have infected, and much more. If it weren’t for the fact that they are extorting computer users and breaking numerous laws, this would seem like a very well run affiliate network.
According to the report, people who work with this affiliate network use email and websites to infect computers with the ransomware. Once done, the infected computers demand 1 Bitcoin (about $565 today) and that doubles if the computer owner doesn’t pay within a week. If they do pay, the money goes to the developer of Cerber (who runs the affiliate network). He or she then runs the bitcoins through a mixing service, which is essentially digital money laundering. When done, he or she keeps about 40% of the money, and pays the affiliate 60% of it, all through Bitcoin.
Check Point estimates that Cerber’s author has made close to one million dollars over the past year, and in just July 2016 will bring in about $195k, indicating that the issue is only growing. They also estimate that only about 0.3% of infected victims end up paying the ransom, but when infecting people is fairly easy, that can add up very quickly.
South Korean computer users are currently the biggest victims, followed by those in the US. Interestingly, the report found that computer users in Armenia, Azerbaijan, Belarus, Georgia, Kyrgyzstan, Kazakhstan, Moldova, Russia, Turkmenistan, Tajikistan, Ukraine, and Uzbekistan are not affected by Cerber at all. This is a strong indication that the malware is being developed in Russia or one of the other listed countries.
Getting infected with this type of ransomware can be devastating to individuals and businesses, especially digital marketers who make a living online. Even if files are backed up, restoring computer systems takes a significant amount of time and effort. With this in mind, all marketers (and all computer users) should really take some time to make sure their computers are protected using effective anti-virus and anti-malware systems that are proven to be able to detect and prevent Cerber and other ransomware from taking hold in their systems.