Extortionists Want to Give the Gift of Ransomware this Holiday Season
November 2015 by F-Secure
The holiday shopping season is right around the corner, and marketing firms say online shopping will continue to play a big part in holiday sales. But while Black Friday and Cyber Monday are generally seen as kicking off the holiday shopping season, security experts at F-Secure warn that criminals will be running ransomware and malware campaigns all through December, and not just on the days with the biggest advertised sales.
“Cyber Monday is just the tip of the iceberg when it comes to holiday shopping, so people telling you that there are unique risks that go along with it aren’t doing you any favors,” said Sean Sullivan, Security Advisor at F-Secure. “Criminals are out to get people 365 days a year, but attacks become more prevalent during the holiday season because more people are shopping online. Cyber Monday is no more or less safe than any other day of the year, but people should be aware that visiting sites loaded with ads can result in a nasty surprise.”
Ransomware is one threat that becomes more prevalent during the holiday season. Ransomware is malicious software that lets criminals lock people out of their computers until the victim pays a “ransom”. F-Secure Labs saw a substantial increase in detections for a number of ransomware families from November to December in 2014, including a roughly 300% increase of the Browlock ransomware family* that was highlighted as one of the top 10 threats in F-Secure’s most recent threat report.
Browlock is a subset of ransomware that researchers call “police-themed ransomware” because it locks people out of their computers with a lock screen suggesting it’s acting on behalf of law enforcement. Detections of police-themed ransomware see a substantial increase before and after the holidays, but other types of ransomware follow slightly different trends, as the criminal infrastructure behind them differs. Ransomware like Cryptowall, which relies on encryption techniques to lock content such as pictures and documents, uses human agents to help victims complete their payments and unlock their devices, making it unique but no less significant during the holidays.
According to Sullivan, Cryptowall activity experienced a sudden drop last year in early January,** indicating that people running Cryptowall campaigns during the holiday season were most likely beginning their own vacations.
“Police-themed ransomware uses a lot more automation than families that actually encrypt data, and frankly, most of those families won’t unlock devices after the victim pays,” said Sullivan. “But Cryptowall and similar families have people providing customer service to help victims make their payments, and those people take holidays like everyone else. Last year Cryptowall shut down around January 6th – that’s Christmas in Russia, so it’s a pretty good bet they were enjoying the money they swindled in December for their own vacations.”
Three Tips for Safe Online Shopping this Holiday Season
Anyone who becomes infected with Browlock or other police-themed ransomware can consult F-Secure Labs’ removal guide to learn how they can remove the malware without having to pay the ransom. But the best defense is for people to avoid exposing themselves to threats. There are a few easy things people can do to minimize their risks while shopping online.
1. Browse with an iPad or other mobile device: Even though mobile devices are just as popular as PCs, most malware is designed to compromise Windows-based PCs, so using a mobile device to browse holiday offers can minimize risks. Sullivan says he uses an iPad with F-Secure Freedome to check out holiday deals and get gift ideas.
2. Make financial transactions with a secure PC: “Mobile devices are all about convenience, but this doesn’t make them more secure,” said Sullivan. Many people have apps on their mobile devices with confusing or invasive permissions, and some will even save things to cloud storage services without people’s knowledge. Even though most malware works with Windows, traditional PCs give people more ways to manage settings that control how information is stored, which is important when using credit card numbers or banking information online.
3. Beware clickbait: Malvertising is a common way to accidentally download malware or navigate to malicious websites, so think before you click on any advertisements or email offers that seem too good to be true.
*Source: Based on average daily detections by F-Secure Labs from November 2014 to January 2015.