Ransomware violates an already compromised PC and installs or latches onto files and encrypts them, holding them hostage and making them impossible for users to access them. The attacker then sends a ransom email to the user demanding payment for an encryption key that unlocks the files.
The most significant finding Kaspersky Labs uncovered is the rising sophistication with which attackers are encrypting the “kidnapped” files. Early ransomware attacks stored the files in compressed archives. Now hackers have turned to asymmetric encryption, which is significantly harder to crack.
“This is a serious threat,” Shane Coursen, Kaspersky’s senior technical analyst told TechWeb.com. “This is a threat that if it affects your system, there’s no way to recover your data. “We'll get to the point where we’re not able to reverse the encryption.”
Alexander Gostev, a Kaspersky senior virus analyst, said that as the level of encryption grows, hackers may outpace virus analysts.
“In spite of the fact that we were able to decrypt 330- and 660-bit keys within a reasonably short space of time, keys of this length are already pushing the boundaries of modern cryptography,” Gostev wrote. “Anti-virus companies might find themselves powerless [in the future], even if maximum computing power were to be applied to decrypting the key.”
Coursen said consumers are the most at risk for ransomware attacks because they usually are lax in installing firewall and antivirus software. He also recommends that PC users backup their machines.
“This is the highest point [in ransomware] we’ve ever seen,” Coursen said. “In the number of new instances of ransomware, not in the volume of attacks, we’re seeing more types of this than ever before. But it’s not reached its highest limit.”