It’s increasingly easy for someone to build and launch ransomware, regardless of skill. All you need is ill intent and access to the dark web.
Sophos global security research head James Lyne outlined the threat in an interview with NBC’s Today show. [The full report is available on the Sophos Blog.] Lyne told NBC reporter Tom Costello:
Anyone with intent can buy a kit. This is ransomware as a service.
The existence of do-it-yourself malware kits is certainly not new. We can go all the way back to the early 1990s for examples, including DOS-based tools such as VCL (Virus Creation Laboratory) and PS-MPC (Phalcon-Skism Mass Produced Code Generator). Back then, the main purpose of malware creation tools was to give non-techies entry into the virus-writing counterculture. Today, the game is to make tons of money.
In two recent examples:
- SophosLabs released a paper last month on one such kit, AKBuilder, which malicious actors can use to package malware samples into booby-trapped documents they can then spam out.
- Also last month, SophosLabs warned that another builder – Microsoft Word Intruder (MWI) – has been continuously tweaked to expand the target range. Traditionally, MWI has used popular Microsoft Office exploits to get at its victims. But the latest updates add a new twist: for the first time in the history of MWI, a non-Office exploit was added.
Lyne brought the dangers into clearer focus during his interview, describing the dark web as a marketplace where malware kits are advertised the same way a traditional retailer might advertise products on their online stores. Lyne told Costello:
It’s astonishingly overt. The kits available on the dark web come with [simple instructions] on how to configure your blackmail software.
To put it another way, people don't need much skill to do serious damage. All they need is a hunger for money, especially the bitcoins that are typically what they want most. Lyne said:
Your entire digital life can be theirs. It can cost a lot of money. This is real business impact.
How to protect yourself
Lyne’s advice is consistent with what we’ve been saying all along: back up data continuously, and keep all software security up to date.
We regularly offer advice on preventing (and recovering from) attacks by ransomware and other malware.
Here are some links we think you’ll find useful:
- To defend against ransomware in general, see our article How to stay protected against ransomware.
- To protect against JavaScript attachments, tell Explorer to open .JS files with Notepad.
- To protect against misleading filenames, tell Explorer to show file extensions.
- To learn more about ransomware, listen to our Techknow podcast.
- To protect your friends and family against ransomware, try our free Sophos Home for Windows and Mac.
Laurence Marks
As more people move to MS-Office 2016 we should see fewer Office-based exploits. These files are marked with an indicator for origin or download. When they are opened on computers other than the original, they are opened in a limited mode. Editing and macros are suppressed. A warning banner across the top discourages clicking the Enable Editing button unless the user is certain of the source.
It would take a really convincing social engineer and a really gullible user to get that button clicked. No one would do that, would they?