The US Federal Bureau of Investigation (FBI) has announced that it expects ransomware to become a US$1 billion (£822 million) business, MSNBC has reported.
Perhaps more worrying is the rate at which ransomware attacks are becoming more lucrative. In 2015, the FBI reported losses of US$24 million (£19 million). But in the first quarter of 2016 alone, losses of US$209 million (£171 million) were reported. According to the FBI, that may well end up exceeding the $1 billion mark once all the damage is accounted for. The trend doesn't look like it's stopping as we head into 2017 either.
Ransomware represents a stark intervention in cyber-crime, Richard Walters, SVP of security products at Intermedia told SC Media UK: “The emerging malware is no longer infiltrating one computer at a time; it's threatening to take entire businesses offline for extended periods of time. Now more than ever, companies need to prepare for a ransomware attack by implementing fully-baked business continuity plans that incorporate off-site, real–time cloud backups. This ensures file archives can't be deleted and employees can access clean versions of the files on another device.”
While previous generations of cyber-criminals might have been interested in stealthily infiltrating a network and making off with the loot before anyone could notice, ransomware wants to be as loud as possible. More than that, it's critical quality is to paralyse a system and let its unfortunate victim knows it's there.
It also doesn't need any great level of sophistication to be effective. Ransomware rarely requires communication with a C&C server as so many kinds of malware do. It merely encrypts files and sends the victim a message saying where they can go to pay the ransom and receive the decryption key.
Despite near constant warnings not to pay up, for fear of enabling the success of the ransomware industry, many still do. A recent study by IBM showed up to 70 percent of organisations affected had paid ransoms to stop the crippling effect of a successful ransomware infection. The same report stated that many would pay the ransom if the price was right, showing that some see that decision as a business cost as opposed to a security hazard.
The FBI's recent admission notwithstanding, much of the cyber-security industry has been talking about this growing threat for a long time. In September 2016, Intel Security released a report saying that ransomware was up 3000 percent since records began in 2012. Increasingly attackers are setting their sites on ever more critical targets such as infrastructure and healthcare.
“Ransomware was undoubtedly one of the favourite lucrative tactics of cyber-criminals over 2016, a trend undoubtedly continuing into 2017”, James Lyne, global head of security research at Sophos told SC Media UK.
“We've seen the most basic and flawed campaigns see success in scamming money from victims, but over the past 12 months they've optimised both their technical implementation and their 'business' processes. From enhanced crypto to reduce the likelihood of tools which can undo the damage, to more resilient payments and shock and awe based social engineering, these campaigns are only becoming more serious.”
Even the added awareness of ransomware is not quite enough to match step with attackers. In only the last few days, a Los Angeles community college paid a £23,000 ransom to attackers because the school had not backed up its dataLyne added, “Despite very high levels of public awareness of these ransomware compared to other types of malware, cyber-criminals are still seeing lots of success - it's imperative that everyone takes steps to defend themselves against ransomware in advance, as at the moment this is a crime that pays too well.”