The malware business: Today’s top get-rich-quick scheme, funded by YOU

Tony Anscombe 21 Mar 2017

You don't have to fall victim to malware. Understanding how cyber criminals stay in business can help you avoid becoming their next unwilling "customer."

Have you ever been tempted by one of those ads promising “You can earn $20,000 a month by working from home just 4 hours a day!”? Most of us probably have, even for a moment.

Then you remember: An offer that sounds too good to be true probably is.

However, making lots of money with minimum effort is possible … if you’d like to start distributing malware. In fact, as I recently addressed at the security industry conference RSA, the business opportunity cybercrime offers – as opposed to the security industry’s opportunity to fight it – is really quite compelling.

Real-life "Mr. Robot"s

Many of us assume malware is created and distributed by hoodie-wearing geeks in dark basements. But the rise of Ransomware-as-a-service (RaaS) has made it possible for just about anyone to purchase their own distinct variant of the malicious code and to have it supported, just like any other software package. So if you have no reservations about going over to the dark side, it’s never been easier to cash in.

Just imagine for a moment a company offering data encryption, security products, and support services, with marketing promising “Data Security – Pay as You Go.” That distributes services as most software companies do – via email campaigns and downloadable mobile and desktop software. That targets different customers with different offers, tailored to their search history, even personalizing the offers. Such a company may have a high profit margin, offer great benefit packages, and appear and feel like a very legitimate business.

So many data breaches have happened in recent years that such a company could easily create a meaningful profile about every one of us – where we shop, where we travel, where we are at any given time, who we bank with, maybe even who we like to date. All this data in aggregate equals highly personalized email offers that are more than just tempting – that look legitimate and are capable of duping even the tech-savviest of us into acknowledging email receipt, clicking on a link, or opening an attachment.

Before you know it, your data is encrypted and you’re magically being offered a “service” that will unlock it. A service that will cost, on average, $500. All coming from an outfit that operates in multiple languages, offers support teams to process your payment and guide you through unlocking your data.

Cybercriminals can make you part of the scheme

This “service provider” may even offer early payment discounts, or free data unlocking if you sell the software via a pyramid scheme to your contacts. The revenue generation options are endless.

If this malware distributor is smart, they also know that a ransomware victim’s next step after unlocking their data will likely be to buy security software. You can probably guess what’s coming. That’s right, a polished, professional follow-up campaign offering anti-malware software. And if you install this absolutely fake security product, you’re in fact unknowingly opening the door to future compromises – making you a repeat customer, possibly for life.

Legislation is catching up

Is there any good news here? In fact, some countries are creating laws to combat the current ransomware surge. The FBI predicts that the ransomware business increased nearly 4,000 percent from 2015 to 2016 – from $25M to almost $1B – meaning legislators and law enforcement are rightly prioritizing measures to combat it. Already this year California has passed legislation making ransomware distribution illegal. Before this legislation, prosecuting this specific act was too complex under existing fraud law.

Falling victim to malware is no longer rare. As it gets exponentially easier for malware businesses – and make no mistake, they are businesses – to make more and more money, we need to increase our vigilance accordingly. Disreputable businesspersons looking to make a fast buck are nothing new, but via the internet they can swindle you for more money faster than ever before.

How can you stay safe?

Protecting yourself doesn’t have to be complicated or hard. By taking these 5 steps, you’re likely to prevent the majority of malware.

  1. Back up your data. If you can restore your data from backup files, malicious encryption will have limited effect. Make sure the backup is disconnected from your device once you’re done, as a connected backup can itself become infected and therefore be of no use.
  2. Do not click email attachments. If you get an email with an attachment from someone you don’t know, or an email from someone you do know that includes an unexpected or strange attachment, do not open it. Ask the friend if it’s legitimate, or ask them to re-send.
  3. Patch and update software regularly. Software manufacturers continually update their products to close vulnerabilities and increase security. Make sure all the software on your machine is running the most current version, and set your computer to automatically alert you when updates are available.
  4. Install security software. Make sure you have a reputable security product installed and kept updated. You can easily download Avast security products to get real-time protection against ransomware and other malicious attacks.
  5. Immediately disconnect any infected device. If you do fall victim, turn off and unplug the device, being sure to remove any Ethernet cables and disable any Wi-Fi connections. Malware spreads. Don’t give cybercriminals the chance to find and infect more of your devices.

Above all, if your device does become infected, don’t pay! Becoming a “customer” of the malware monetization machine fuels their growth, allowing them to become more and more sophisticated and target more and more potential victims.

But don’t worry – you don’t have to sacrifice your data just to do the right thing by not lining scammers’ pockets. We provide free, easy-to-use decryption tools that work on approximately 50% of ransomware strains. 

Because not all brilliant geeky types are bad guys. In fact, quite a few of them work right here at Avast – looking out for you.
