January 9, 2017 By Mark Samuels 2 min read

FireCrypt ransomware added new levels of functionality to existing techniques, posing a fresh threat to individual technology users and businesses alike.

Researchers at MalwareHunterTeam first identified the ransomware, SecurityWeek reported. The team found that the ransomware combines familiar infection and encryption processes with a new distributed denial-of-service (DDoS) component, creating an additional menace.

This extension of existing ransomware capabilities demonstrates how cybercriminals continue to search for new ways to broaden online threats. Senior executives must take note and continue to monitor the approaches of malware authors.

FireCrypt Ransomware Adds DDoS Twist

BleepingComputer reported that the ransomware uses familiar infection and encryption techniques and deploys a typical ransom demand. The ransomware disguises its executable (.exe) as an ordinary file such as a photo or document to trick users into launching the malware. Once launched, the malware encrypts the information held on the victim’s device and displays a ransom note on the desktop screen. The malware currently demands $500 in bitcoins, according to the International Business Times.

The key difference between FireCrypt and other ransomware is that its damage extends to a DDoS component: after the ransom note is delivered, the malware launches a routine that fills the user’s temporary folder with junk files.
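The infection path described above relies on an executable masquerading as a photo or document. As an added defensive example (not code from the article or from the researchers it cites), the following Python script flags two forms of that disguise: a decoy extension followed by an executable extension (`holiday.jpg.exe`), and a file whose name says "document" but whose first bytes are the `MZ` header every Windows executable carries. The extension sets and the sample files are assumptions constructed for the demonstration.

```python
from __future__ import annotations

import tempfile
from pathlib import Path

# Extensions a disguised executable is likely to borrow (assumption: an
# illustrative set, extend it for your environment).
DECOY_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}
PE_MAGIC = b"MZ"  # DOS stub header that starts every Windows PE executable


def inspect_file(path: Path) -> list[str]:
    """Return the reasons (if any) this file looks like a disguised executable."""
    reasons: list[str] = []
    suffixes = [s.lower() for s in path.suffixes]

    # Case 1: "photo.jpg.exe" - a decoy extension hiding an executable extension.
    if (len(suffixes) >= 2
            and suffixes[-1] in EXECUTABLE_EXTENSIONS
            and suffixes[-2] in DECOY_EXTENSIONS):
        reasons.append(f"double extension {''.join(suffixes[-2:])}")

    # Case 2: "invoice.pdf" whose content is actually a PE executable.
    try:
        with path.open("rb") as fh:
            head = fh.read(len(PE_MAGIC))
    except OSError:
        return reasons
    if head == PE_MAGIC and (not suffixes or suffixes[-1] not in EXECUTABLE_EXTENSIONS):
        reasons.append("PE header with non-executable extension")
    return reasons


def scan_directory(root: Path) -> dict[str, list[str]]:
    """Walk a directory tree and map suspicious file names to their findings."""
    findings: dict[str, list[str]] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = inspect_file(p)
            if reasons:
                findings[p.name] = reasons
    return findings


def build_sample_tree() -> Path:
    """Create a constructed sample directory (harmless stub bytes, no real malware)."""
    root = Path(tempfile.mkdtemp(prefix="disguise_demo_"))
    (root / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)   # genuine JPEG header
    (root / "holiday.jpg.exe").write_bytes(PE_MAGIC + b"\x00" * 16)         # decoy double extension
    (root / "invoice.pdf").write_bytes(PE_MAGIC + b"\x00" * 16)             # PE bytes behind a .pdf name
    (root / "setup.exe").write_bytes(PE_MAGIC + b"\x00" * 16)               # honest executable, not flagged
    (root / "notes.txt").write_text("plain text")                           # benign text file
    return root


if __name__ == "__main__":
    for name, reasons in scan_directory(build_sample_tree()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The header check matters more than the name check: a double extension is only visible when Windows is configured to show known extensions, whereas the `MZ` bytes are present regardless of what the file is called. A mismatch between declared type and content is a cheap signal to raise in mail gateways and endpoint triage.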

Cryptic Connections

While the identity of FireCrypt’s creators remains unknown, MalwareHunterTeam noted clear connections to the Deadly for a Good Purpose ransomware, which was discovered in October 2016, BleepingComputer reported. Both types use the same email and bitcoin addresses for ransom payment details, for example.

Ransomware can have serious ramifications for users and businesses, both in terms of data loss and financial cost. Cybersecurity firm Herjavec Group recently suggested the total cost of damages associated with ransomware could hit $1 billion by the end of 2016, according to ZDNet.

There is currently no technique for recovering files encrypted by FireCrypt ransomware. Victims should keep a copy of their files in case a decryption tool is released in the future.

Reducing Ransomware Risk

Chief information security officers (CISOs) and other senior executives should be aware of the ever-growing risk of ransomware. Herjavec Group expects ransom payments to continue to grow during the next five years and further predicts the annual cost of global cybercrime to reach $6 trillion by 2021.

The potential implications for businesses are manifold, including destruction of data, loss of intellectual property and significant financial damages, both in terms of cash and reputational harm.

CISOs must ensure their IT teams are aware of the ransomware risk. A single attack can cost businesses as much as $99,000, according to the Kaspersky Lab report “The Cost of Cryptomalware: SMBs at Gunpoint.” IT oversights, including bad administration, missing backups and unpatched software, increase the risk of damage.
