Unlucky 7ev3n: greedy ransomware and how to avoid it

Bob Covello posted an interesting article on Graham Cluley’s site on “The new economics of data protection in a world of ransomware”. He cites the case of 7ev3n, a more-than-usually greedy instance of ransomware demanding a hefty 13 bitcoins for the key to your encrypted data. Which is very much in contrast, by the way, to the £350 apparently demanded by the attackers who caused Lincolnshire council to shut down their systems for a few days, though the BBC reported the ransom demand as being for a heart-stopping £1m. A subsequent report by the BBC not only cited the lower figure, but asserted that the council had announced that it would not pay the ransom. It’s by no means impossible that demands will continue to rise if and when ransomware gangs get more into the idea of extorting businesses rather than (or at any rate as well as) individuals who may simply not be able to afford such sums. Come to that, a business may be less able to write off its data than an individual who may simply decide that his or her data is not worth paying so much for.

The core message of Covello’s article is simple enough. Even the most expensive backup and cloning options he cites look much more attractive than paying an estimated $5,000 in the hope of having the 7ev3n gang restore your data.

I wouldn’t agree with Marcin Kleczynski that

“Even using backup systems isn’t an effective countermeasure because ransomware would actively look for different types of backup systems and encrypt them, too.”

Nevertheless, it is worth remembering that ransomware does look for external storage and encrypt what it finds there, if possible. So you need to bear in mind:

  • While external storage is connected, data stored there may be as vulnerable as data on your internal drives. Storage that is only connected when you need it to be is obviously safer than an always-on network or cloud drive. And don’t discount the value of backups of backups. This paper by my colleague Aryeh Goretsky is several years old and so predates the current upsurge in ransomware, but it does address the backup basics very clearly, and they haven’t changed much: “Options for backing up your computer”
  • If you do have to restore from backup, you need to be sure that the malware is no longer on your system. (Part of the value of cloning.)

David Harley
