Whilst law enforcement agencies often recommend not paying the ransom demanded by cybercriminals, Kirk's operators have responded by taking steps to reassure victims that payment will mean their files are decrypted. On Kirk's own "user support site" victims can chat with "support staff" who answer their questions, and can trial the decryption of a single small file (under 15 KB) so as to demonstrate that decryption is possible and just one payment away.
In January 2017, Spora was identified as the first ransomware able to encrypt files without contacting a command-and-control (C&C) server, whilst still creating a unique decryption key for each victim.
This is dangerous because the victim's computer does not have to be connected to the internet for the encryption to run. Dependence on a C&C server is often one of the weaknesses of ransomware: once the server is known it can be blocked at the firewall, the malware cannot obtain or register its key, and the encryption process never gets the opportunity to start. Spora bypasses this preventative measure entirely.
Whilst earlier ransomware families have also performed offline encryption, they tended to use the same decryption key for every victim, meaning that once that key or a decryption tool was shared and made widely available, every victim of that variant could recover their files without paying the ransom. Spora, however, has found an effective technique around this, which is more bad news for defenders.
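The article does not describe how Spora reconciles offline operation with per-victim keys, so the following is an added illustration (not Spora's code, nor code from any vendor quoted here) of the standard hybrid-encryption construction that delivers exactly that property: the operator's public key is embedded in the payload, each victim's machine generates a fresh symmetric key locally and wraps it under that public key, and only the operator's private key can unwrap it. It is written in Go for this page using the standard library; the function names, 2048-bit RSA and AES-256-GCM choices, and the two victims' sample data are assumptions made for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Bundle is what a victim is left holding: ciphertext, GCM nonce, and the
// per-victim data key wrapped to the operator's embedded public key.
type Bundle struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// attackerKeypair is generated once by the operator; only the public half ships.
func attackerKeypair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// encryptOffline models the victim side. Every step is local: a fresh AES-256
// key from the OS RNG, AES-GCM over the data, RSA-OAEP to wrap the key under the
// embedded public key. No C&C round trip, so a firewall block changes nothing.
func encryptOffline(embeddedPub *rsa.PublicKey, plaintext []byte) (*Bundle, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, embeddedPub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Bundle{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// unwrapKey models the operator's "decryption service": recovering a victim's
// data key requires the private key, which never leaves the operator.
func unwrapKey(priv *rsa.PrivateKey, b *Bundle) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, b.WrappedKey, nil)
}

// decryptWithKey is the victim's recovery step; GCM rejects a wrong key outright.
func decryptWithKey(dataKey []byte, b *Bundle) ([]byte, error) {
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Demo runs the scheme for two victims of the same payload and checks that the
// operator's key recovers a victim while one victim's key is useless to another.
func Demo() error {
	priv, err := attackerKeypair()
	if err != nil {
		return err
	}
	fileA, fileB := []byte("victim A: quarterly accounts"), []byte("victim B: photo index") // constructed sample data
	bundleA, err := encryptOffline(&priv.PublicKey, fileA)
	if err != nil {
		return err
	}
	bundleB, err := encryptOffline(&priv.PublicKey, fileB)
	if err != nil {
		return err
	}
	keyA, err := unwrapKey(priv, bundleA)
	if err != nil {
		return err
	}
	if got, err := decryptWithKey(keyA, bundleA); err != nil || string(got) != string(fileA) {
		return fmt.Errorf("victim A not recovered with the operator-unwrapped key")
	}
	// Even if victim A pays and publishes keyA, it does nothing for victim B.
	if _, err := decryptWithKey(keyA, bundleB); err == nil {
		return fmt.Errorf("victim A's key unexpectedly decrypted victim B")
	}
	return nil
}
```

The two checks in Demo are the defender-relevant consequences: blocking the C&C address does not stop encryption because nothing in encryptOffline touches the network, and a decryptor built from one paying victim's key cannot be generalised because every victim's data key is different. The only key that helps everyone is the operator's private key, which is exactly the one never exposed, so detection has to rest on host behaviour (mass file rewrites, new file extensions, ransom notes) and recovery on backups rather than on key leaks or egress filtering.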
Another of Spora's innovative features is that it adjusts the ransom amount depending on the type of victim. To do this, Spora's creators added campaign IDs to the encryption code according to the kind of victim being targeted, for example multinational corporations (MNCs), SMBs or individuals. When the victim visits the online decryption service, Spora identifies the campaign and adjusts the ransom accordingly, in the hope of maximising both the number of payees and the revenue.
The War Against Ransomware
As these three examples alone show, the rapid evolution of ransomware is making the war against it even harder than it already was. Fortunately, the best practices for protecting against ransomware are already known and well documented:
1. Understand the targets
2. Use a good backup solution
3. Educate your users
4. Don't forget your remote workforce
5. Keep management simple
Yet despite these best practices, the ransomware epidemic continues to spread. Why? First, it's important to say that in cybersecurity there is always an element of risk and there is no such thing as 100% security. With that out of the way, let's examine the reasons.