Banking Trojans and Ransomware
Banking trojans have been around for a long time; they steal credentials for bank accounts in order to gain access to the money inside. While people know to fear banking trojans and the massive damage their data breaches can create, they may be a little less familiar with the next era’s major threat: ransomware. Ransomware is becoming an even more common method of attack than banking trojans.
When a banking trojan is used to attack a random internet user, a thief mounts a phishing campaign intended to entice the target into opening an attachment that contains malware. If the user clicks a link that triggers the delivery of the malware to the user’s computer, the trojan installs itself and gives the thief the foothold needed to obtain banking credentials and begin making withdrawals from the victim’s account.
According to Andy Feit, head of threat prevention product marketing at Check Point, while banking trojans used to be all the rage, ransomware has recently become even more popular:
“What we’ve seen in the last three or four months is this major move by the hacker community to install ransomware on machines,” he stated. “Ransomware is a big money maker right now. When something catches on, the hackers’ social networks get fired up, and everybody starts to move to it.”
So what is it that ransomware has to offer hackers that banking trojans don’t? Banking malware requires hackers to make major adaptations to their software based on the person’s bank. It’s not a generic attack weapon and must be adjusted in every circumstance.
Ransomware, on the other hand, does not involve any difficult adaptations and can even be adapted without special developer input. The only thing that has to change is the ransom note, which can be done easily with Google Translate.
Even more importantly, ransomware makes it much easier for thieves to receive their victim’s money. Ransomware users don’t have to siphon money out of their victim’s bank accounts the way banking trojan users do.
“Banking and fraud systems can silently raise a red alert to catch the attacker trying to get the cash or just block the transfer,” explained Check Point security researcher Gas Naveh. “The ability to trace movements of funds, or physical pick up, creates a real risk for the attacker.”
On the other hand, ransomware payoffs are made in bitcoins, which are anonymous and outside of a banking system. That means external third parties cannot interrupt transfers.
“Bitcoin wallet shuffling allows the transaction to remain untraceable by the authorities, and changing bitcoin into money is as easy as going to an ATM,” said Naveh. “With all these advantages, it is easy to understand why ransomware is generating such a significant profit for its perpetrators… This trend is also rising rapidly and we can expect it to grow even further.”
Unfortunately for internet users, ransomware is a very real threat that they must adjust to. Ransomware users have already made victims of countless businesses, which generally respond without reporting the attack out of embarrassment. The best way to counter a ransomware attack is to not be vulnerable to it; simply have all your files backed up on an external hard drive, and the hackers’ threats will be meaningless.