Imagine seeing this on your computer screen. Then think for a moment how you would feel if you couldn’t access any of your files and the person who locked them threatened to delete them every hour until you paid their ransom.
It’s called JIGSAW, and it’s the latest twist in the disturbingly rampant ransomware trend: malware infections that lock victims out of their files and demand payment in Bitcoins – or the files remain encrypted. What sets JIGSAW apart from other ransomware attacks, besides its horror-flick approach, is the threat to delete files rather than leave them encrypted, and the narrow window for ransom payment. Just like a thriller builds on suspense, fear, and horror, JIGSAW builds pressure on the victim with multiple warnings to pay the ransom or lose their data.
“JIGSAW is forcing the hand of the [victim] organization so they are not going to be able to look at backups” or other options to retrieve their data, says Michael Davis, CTO of CounterTack. “It’s forcing them to pay up immediately and sooner” than other ransomware, he says.
Trend Micro researcher Jasen Sumalapao describes it as an exponential attack. “Recent crypto-ransomware families have ransom amounts that grow as time passes, but not with the same increments as JIGSAW. To make matters worse, it deletes a larger amount of files with every hour while the amount to be paid also increases,” he said in a blog post today. “And with the exponential increase of files being permanently deleted, users may be pressured into paying the ransom so they may either save the remaining files, or avoid paying a larger ransom.”
The ransom reportedly starts anywhere from $20 to $250.
JIGSAW, aka BitcoinBlackmailer.exe, appears to have been created on March 23, and was first used in attacks a week later. According to researchers at Raytheon’s Forcepoint Laboratories, the author uses the file extension ‘.FUN.’
Fear is a big component of the success of most ransomware attacks. Victims feel trapped and panicked, especially if they don’t have good backups of their data. So many relent and pay the ransom; but there’s still no guarantee they’ll see the data. According to new data from the Ponemon Group, just 38% of organizations have a plan or strategy for handling a destructive malware attack like ransomware or other data destruction methods, and that’s down from 43% last year.
Davis, whose company commissioned the Ponemon study, says the drop reflects a reality check as ransomware became more destructive and pervasive. “There was a little overconfidence last year,” he says. “Ransomware didn’t have the effect then that it had at the end of 2015 and in early 2016.”
The data, which is part of the 2016 State of Endpoint Report, shows how most organizations just don’t have the capability to defend against or prepare for a ransomware attack. “This is showing that access control is not [happening] in organizations,” he says. One user getting infected with ransomware shouldn’t end up bringing an entire organization to its knees, he says.
More than half of organizations consider ransomware one of the most harmful attacks today, behind zero-day attacks, which were number one (71%), followed by distributed denial-of-service (DDoS) attacks (68%) and exploiting an existing vulnerability (53%).
According to Trend Micro’s research, JIGSAW infects machines via a file that users download from a free cloud storage service called 1fichier[.]com. This isn’t the first time the cloud storage provider has inadvertently hosted malware, either, but the malicious URLs have since been removed from its site.
Ransomware has been so successful because it is not a sophisticated form of attack. It relies on the naivety of users, who unknowingly infect their own systems. However, because it is so simple, there are concrete steps any user or organization can take to defend against this type of attack.
If you would like to learn more, or get help with protecting your organization’s systems, give us a call and one of our security experts will be happy to assist you.