Monday, November 9, 2015

Anyone Hit by the Power Worm Will Lose the Data Forever

Today's news reports that a new kind of ransomware, called Power Worm, contains coding mistakes that mean anyone hit by it will be unable to recover their files, even if they pay the ransom. The coding errors cause the worm to destroy the keys that could help recover the data it scrambled.

Fred Touchette, Manager of Security Research at AppRiver, has shared the following insights:

Q. Power Worm - could it be deliberate instead of a mistake?
"It’s unlikely that this was a deliberate mistake. Creating malware that simply destroys files would be much easier than adding that sort of 'functionality' into an already complex ransomware variant."

Q. Linux.encoder - what makes this one different to all the others?
"One of the main differences is that it attacks websites. Until now the biggest target group was the home and business end user. It makes sense that this type of malware, including its potential targets, would continue to evolve."

Q. It feels as if there's been a spike in ransomware - would you agree? Any stats that substantiate this?
"There has been an obvious spike, but I don't have metrics specific to this type of attack."

Q. Why is ransomware increasing?
"Ransomware is increasing because it is working. Victims continue to pay these cyber criminals and in turn, the bad guys keep doing what's working so well for them."

Q. Should organizations ever pay a ransom? Assuming not, what should they do instead?
"No. Organizations should back up their files."

Q. What else can be done to rid yourself of ransomware? Is there anything?
"Yes, #1 back up your files. #2 Stop paying criminals. Avoiding 100% of the damage caused by ransomware is quite simple: by having a backup of one’s data, all that needs to be done in case of a ransomware infection is to restore said backups. Also, aside from ransomware attacks, there are a million other reasons that people should back up their systems; it’s kind of amazing that these attacks are working so well."