A firm called enSilo, which helps companies fight ransomware, says it receives nine or 10 calls daily from individuals asking for help to free their computer. In response, the firm decided to create a website that shows a collection of “ransom notes” received by various targets.
The notes reveal how crooks will typically give victims 12 to 96 hours to pay, and promise to send them the decryption key to their files via a Gmail or AOL email address once they do. Some of the notes are straightforward demands for payment in broken English. Others employ images of Guy Fawkes masks (a popular motif with hackers), and one uses a cartoon character from South Park to mock the target:
In case you’re unfamiliar with ransomware, it first gained attention this spring when criminals used it to remotely lock down computers at a Los Angeles hospital (the institution had to fork over $17,000 to recover critical patient files). Since then, it has morphed into an epidemic that has hit universities, small businesses, and a growing number of individuals.
Ransomware is replacing credit card theft as cyber-criminals’ preferred scam of choice in 2016. It’s low risk, the pay-off can be high and it’s so easy to use that even low level crooks are getting in on the action. Security experts say hackers will usually make good on their promise to decrypt the files after the ransom is paid, since doing so is ultimately good for their business model (it gives an incentive for future targets to pay).
There is also a growing trend of ransomware makers, who are mostly located in Eastern Europe, building attack software they license to others in return for a cut of the proceeds. This arrangement even has a name: RaaS, for Ransomware-as-a-Service.
So how will anyone put a stop to this? So far, there are few ways to fight it, though enSilo is planning an ambitious counter-measure that could make a big difference if it works.
According to Roy Katmor, the CEO of enSilo, the company’s decision to post the ransomware notes is part of a larger plan to gather data about how the attackers operate, and ultimately to thwart them.
Get Data Sheet, Coins2Day’s technology newsletter.
Katmor, who ran security strategy at networking giant Akamai, also has a more specific plan. It involves asking people to download a special file that will help enSilo break the encryption if their computer is attacked.
In the event of ransomware attack, the special file would end up getting encrypted along with all the other files on the computer. But Katmor says the file would serve to reduce the number of guesses enSilo would need to solve the attacker’s decryption code. Put another way, enSilo would not need to try and crack a near infinite number of variations (which is why current encryption tools are basically unbreakable), but instead could use the accumulated data associated with the file to reduce the number of variations enSilo would have to test.
The upshot, says Katmor, is that enSilo’s technique, which will be ready in a few month, will make it possible to decrypt 60% to 70% of ransomware attacks within three hours. To make this work, Katmor hopes to get help from tech giants like Microsoft and Amazon and Google. Those sort of companies are the only ones that have the cloud computing power required to “brute force” the solution to the ransomware’s decryption key.
But will the big cloud companies agree to work with a firm like enSilo? Katmor concedes that, at the enterprise level, the cloud computing giants would regard his company—and each other—as competitors. But now that ransomware is affecting so many individuals and small businesses, he says the industry may cooperate to stamp out a common nuisance.
Katmor said he would contact Coins2Day when his anti-ransomware product is ready a few months from now. It’s hardly a sure thing, of course, that the company will be able to pull off its ambitious plan, though Katmor’s security background suggests enSilo will have a fighting shot.
Nervous computer owners, in the meantime, can continue to rely on one nearly sure-fire to prevent their devices being held for ransom—use Apple products, which have so far proved largely invulnerable to these sort of attacks.