Ransomware, and the interest around it, is surging. A quick look at Google Trends over time gives a striking visual representation of that growing interest…
The first malware that could be classified as ransomware emerged way back in 1989. Known as the AIDS Trojan, that particular piece of malware hid directories and encrypted filenames, rendering its victim’s computer unusable (just like today’s CryptoLocker, Locky, TeslaCrypt, CryptoWall, and CTB-Locker). To regain control of their PCs, victims had to send money to a post office box.
As the graph above shows, ransomware has never before achieved the level of notoriety that it enjoys today. So why are we seeing this growth now?
In this post, we take a closer look at the key drivers fuelling this rapid ascent to infamy. But first, let’s briefly discuss what ransomware is.
What is ransomware?
Ransomware is a piece of malware that, as its name implies, involves ransom money. Once it gets installed on your computer, the malware holds digital assets (in most cases, files) captive and prevents you from retrieving or viewing them. Just like your typical kidnap-for-ransom criminal, it then issues an ultimatum – either you pay a ransom or your files go kaput.
This malware will usually block access to files by locking the screen or encrypting the files themselves. To regain access, you need to pay. Ransom payment is typically done through bitcoins or other electronic payment methods like Ukash, Paysafecard, or MoneyPak. Most systems get infected with ransomware when their users inadvertently download trojans through either phishing emails or malicious websites.
Some ransomware can infect entire establishments, which is what happened to a large hospital in Hollywood. The entire network of the Hollywood Presbyterian Medical Center was locked down by ransomware whose controllers demanded payment in exchange for the “freedom” of the locked patient files.
So why is ransomware fast becoming so popular?
Back in 1989, as the AIDS Trojan showed, the idea of ransomware was clearly ahead of its time. It spread through floppy disks and used symmetric encryption. Floppy disks had to be distributed by hand (literally), while symmetric encryption meant the decryption key had to travel with the trojan itself, where it could be recovered from the infected machine.
Today, trojans that carry ransomware payloads can spread much faster through the Internet and other connected networks. Encryption is now asymmetric as well, which lets the attacker keep the private decryption key tucked away in a safe location rather than on the victim’s machine.
Last but not least, payment no longer requires the hassle of depositing money at a physical location. Electronic methods like bitcoins and Ukash allow a ransom payment to be delivered in just a few clicks.
There’s also a psychological aspect to it.
Instant pain = instant gratification
For the victims, the impact of a ransomware infection is felt instantly. They can no longer use their computer and they can no longer access important files. Those effects differ from those of a data breach, where the potential legal repercussions and damage to reputation are known but not felt immediately.
What’s more, the solution to the problem is clear and easily achieved. To get out of their predicament, victims simply have to pay. If they can afford it, many of them will pay. This reaction of course plays into the hands of the crooks responsible for these attacks because it makes these operations highly lucrative.
$$$RANSOM$$$ = funding for R&D
So it becomes a vicious cycle. The more victims pay, the faster these cybercrime syndicates get their ROI. The crooks then have enough to invest in research and development. That’s why ransomware families like CryptXXX keep getting updated and acquiring additional malicious functions.
Ransomware infection can be prevented through a combination of proper education and the right malware detection and prevention solutions. For example, users must be trained to identify suspicious email attachments, and to know whom to contact when they encounter one. In conjunction with that, your network must be secured by advanced anti-malware solutions that are capable of detecting malicious activity.