2017 Cyber Threat Landscape: Ransomware & Hacktivism Are Evolving
With a new year comes new threats for the financial industry. This year ransomware is predicted to be a primary threat for companies due to the prevalence of Internet of Things (IoT) devices. IoT devices are an easy target for scammers because they often do not have security measures in place to protect your information (think home security systems, Amazon Echo and baby monitors). Entry into your IoT device can easily provide a gateway for hackers to access your entire network. Because of this, it is important to always remember to change your passwords every 60-90 days, back up data and use safe browsing practices.
Here are some cybersecurity ransomware threats and scams that alternative investment management firms should watch out for in 2017:
A new ransomware strain in development, called Popcorn Time (unrelated to the Popcorn Time application), puts users in a tough spot. Once infected, victims must either pay a ransom of 1 bitcoin (about $800) to get their files back or choose to infect two other people by sending out a referral code. If two people that you send the referral code to pay the ransom, then you will get a free decryption key. The ransom deadline is one week for you or your victims to pay.
If you thought this scenario couldn’t get worse, think again. Once the user has obtained a decryption key, he/she only has three chances to enter it correctly before the ransomware will begin to delete files permanently. It appears the ransomware encrypts more than 500 file types located in “my documents”, “my pictures”, “my music” and the user’s desktop.
This ransomware seems to still be in the development stage, so things may continue to change, and at this point it’s unclear how far it will spread. The creators of this ransomware claim to be a group of students from Syria trying to raise money for Syrians that are affected by the war.
Koolava Ransomware Variant
Similar to the Jigsaw ransomware, which shows text on the screen, this variant displays a message telling victims that they must read two articles to educate themselves on ransomware. If you do not read the articles in the allotted amount of time, your files will be deleted. If you finish reading both articles, a “decrypt my files” button will become available and provide you with a decryption key to access your data.
This particular variant of the Koolava Ransomware is not well written and is not live yet, but it could be soon.
With this type of cyber threat, hackers purchase commonly misspelled domain names and duplicate authentic sites, hoping that you will enter your login credentials, which would subsequently be swiped by the scammer. With your credentials in hand, the hacker can log in to the company’s authentic website and gain access to personal information and data.
IT Security Tip: Remember that before you enter personal information on a website you should check the destination URL to ensure that it begins with “https” (to indicate it’s a secure website) and that there are no spelling errors within the domain address.
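The URL check in the tip above can also be automated, for example in a mail gateway or web proxy rule. The sketch below is an added example, not part of the original article: it rejects non-HTTPS login URLs and flags hostnames that sit within a small edit distance of a trusted domain. The `.example` domains, the function names and the distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: sites the firm's staff legitimately log in to.
TRUSTED_DOMAINS = {"investorportal.example", "fundadmin.example"}


def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Swapped neighbours ("exmaple" for "example") count as one edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_login_url(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, detail) for a URL that asks for credentials."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "trusted.example@other.test"
    # is judged by the host the browser would really connect to.
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        return ("block", "not https")
    if host in trusted or any(host.endswith("." + d) for d in trusted):
        return ("ok", host)
    for good in sorted(trusted):
        if edit_distance(host, good) <= max_distance:
            return ("block", "lookalike of " + good)
    return ("unknown", host)


if __name__ == "__main__":
    for sample in ("https://investorportal.example/login",
                   "https://invesotrportal.example/login",
                   "http://investorportal.example/login"):
        print(sample, check_login_url(sample))
```

A fixed threshold of 2 produces false positives on very short domain names, so the allowlist should hold full hostnames rather than brand fragments.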
How Can Investment Firms Protect Against Ransomware?
Educating employees about safe computing practices and taking regular data backups are critical to overcoming - or better yet avoiding - a ransomware attack. Regular backups are a nonnegotiable part of an alternative asset management firm's data protection strategy and these ransomware threats highlight just why.
US-CERT also suggests the following possible mitigation steps that users and administrators can implement if they believe a computer has been infected with ransomware:
Immediately disconnect the infected system from wireless or wired networks. This may prevent the malware from further encrypting any more files on the network.
Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware.
If possible, change all online account passwords and network passwords after removing the system from the network. Change all system passwords once the malware is removed from the system.