Small and medium-sized enterprises should back up their data carefully if they don’t want to fall victim to ransomware attacks from hackers.
This is a warning issued by Kaspersky Labs along with the release of their quarterly report on malware.
Record Numbers
In that report, Kaspersky Labs confirmed that the number of incidents involving ransomware (malicious software capable of collecting and encrypting information and demanding a ransom for data recovery) has reached unprecedented levels. Moreover, the encryption algorithms are becoming increasingly complex.
Kaspersky’s statistics show that the number of ransomware victims hit a record high in the second quarter of 2006. This type of malware first emerged in early 2005.
Encryption Technology – A Cat and Mouse Game
Initially, ransomware only used simple encryption algorithms to “kidnap” files and demand ransom. However, in recent attacks, ransomware has incorporated RSA encryption technology, and hackers have begun utilizing more complex password protection and file hiding solutions.
Kaspersky believes that attackers and security firms are currently engaged in a “cat and mouse” game, where security companies research ways to decrypt ransomware while hackers continue to implement more complex encryption solutions.
“There are still situations where security companies cannot decrypt files that have been hijacked,” stated David Emm, a senior technology consultant at Kaspersky. “In larger companies, the IT departments regularly back up data. Therefore, the primary threat is aimed at small businesses and individual users, as these groups often do not pay much attention to data backup.”
For example, the latest variant of the Gpcode ransomware has utilized a 660-bit encryption key. Experts estimate that it would take at least 30 years to crack this key using a computer running at 2.2GHz.
The Limits of Technology
However, based on their research, Kaspersky has been able to crack this encryption key and enhance the protective measures of their security software.
While Kaspersky has managed to break these encryption keys, researchers believe that encryption solutions have reached the limits of modern encryption technology.
This implies that if future attacks occur, it may not be possible to break the keys, meaning victims of ransomware will have to pay to regain their data.
The creators of the Cryzip and Krotten ransomware—some of the most widely used ransomware techniques—are still at large. However, even if they are captured, their work will continue to live on in the hacker community, where others will build upon the foundations of Cryzip and Krotten.
Clearly, ransomware will continue to be a major headache for the security industry for a long time to come.
Hoang Dung