Posey's Tips & Tricks
Is Social Engineering the New Alternative to Ransomware?
As we increase our defenses against ransomware, attackers are shifting their scamming methods.
Hardly a day goes by lately when I don't read or hear something about the threat of ransomware. In fact, I think that most consumers probably view ransomware as being the single biggest threat to their data. Personally, I agree that ransomware is a huge problem. I know several people who have fallen victim to ransomware and I am, by no means, trying to downplay the seriousness of this threat. Even so, I can't help but wonder if the threats are starting to change.
Before I explain, I want to point out that once a piece of malware makes it into the wild, the odds are pretty good that the malware will never be completely eradicated. Last year, for example, I performed a deep scan on my file server and found an infected file. The interesting part is that according to my logs, that particular file had not been accessed in over 17 years. Hence, there was an ancient, presumably extinct piece of malware lying dormant on my file server. My point is that even if ransomware does eventually fall out of favor with malware authors, the problem will never completely go away because there is so much ransomware that already exists.
So how could anyone in their right mind think that ransomware is about to be replaced by social engineering? Well, consider an incident from a few days ago.
Someone in my family was attempting to go to Target's Web site to do some shopping. They accidentally typed the URL incorrectly and ended up on a presumably malicious Web page. This page displayed a message saying that the PC had been infected with a virus and that the full contents of the hard disk would be permanently lost unless "technical support" is contacted within the next five hours.
My relative tried to call me, but I was busy and didn't answer the phone. My relative then called the supposed tech support number, but hung up when the "technician" asked to take control of his PC. My relative tried calling me again, and this time I was able to answer the phone. After hearing the story, I took a look at the infected PC. Now here is where things get weird. The malicious Web site did not damage the PC in any way. It didn't even so much as modify any of the browser's settings. Multiple malware scans using a variety of different products also failed to detect any sort of an infection.
Believe me when I say that an infection was not prevented by good security. This particular PC was very insecure, and yet the malicious Web page didn't do anything except for to display a bogus message. The question therefore becomes, why?
While it is certainly possible that the scammer was just too lazy or lacked the technical skills to write a malware module, I seriously doubt that is the case. After all, there are malware authoring kits available for download. I think that there is something bigger going on.
My guess is that ransomware authors are beginning to realize that their days are numbered. Ransomware has become such a huge problem that people are beginning to vigorously defend their systems against it. It will only be a matter of time before ransomware protection becomes a standard security feature for operating systems and security tools alike.
Furthermore, ransomware tends to not be multiplatform. A piece ransomware that targets PCs, for example, probably isn't going to work on a Mac. A piece of ransomware that targets Macs probably isn't going to work on PCs, iOS or Android devices. Those who engage in ransomware schemes probably realize that they can make more money with a multiplatform attack.
I think that those who would extort money from innocent victims have begun to realize not only that it is becoming more difficult to pull off a successful ransomware attack, but also that it is not always necessary to inflict actual harm in order to make money. The scammer needs only to convince the victim that harm has occurred.
Then of course, there is the issue of trust. Imagine for a moment that your PC became infected with ransomware. Would you pay the ransom? Even if you did, there is no guarantee that you will get your data back, and there is a strong possibility that your credit card number (and possibly even your identity) will be stolen. In fact, I have even heard stories recently of ransomware authors demanding gift cards or bitcoins instead of credit cards simply because so many banks have begun actively blocking ransom payments.
On the other hand, when a person calls a "tech support" line, they might willingly hand over a credit card number to someone that they perceive as being helpful. The person might not even realize that they are being scammed. In their mind, they are paying for technical support, and therefore might not even report the fraudulent credit card charge to their bank.
Personally, I doubt that we will see a decline in ransomware incidents tomorrow, or next week, but I am predicting that over the next year ransomware incidents will slow down and tech support scans will become even more pervasive than they already are.
Brien Posey is a 16-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.