Ransomware payments for 2016 are expected to hit a billion dollars, according to the FBI. That compares to just $24 million paid in 2015.
And it’s expected to get even worse this year — with more victims and more money lost.
Experts even predict that cloud services could come under attack this year because they are such a lucrative target, with ransom payments potentially reaching millions of dollars.
Ransomware is a family of malware that blocks access to a PC, server or mobile device, or encrypts all the data stored on that machine. It’s typically delivered via malicious email or infected third-party websites.
To regain access or control of the data, the user must pay a ransom — typically via bitcoin. The encryption is unbreakable and simply removing the malware will not solve the problem. The victim is forced to pay for the unique software key that will unlock everything.
“It’s like some sort of gold rush,” said Limor Kessem, executive security adviser for IBM Security. “Cybercriminals are using ransomware to bring extortion to the masses and more criminals are now doing it because they’re interested in getting a piece of the action.”
The average ransom paid in 2016 was $679, more than double the $295 demanded at the end of 2015, according to a report from Symantec. Some businesses that experience a ransomware attack are making 4- to 5-digit payments to get their data unlocked.
“We did a survey in the U.S. and discovered that 64 percent of end users who got ransomware paid the ransom,” said Kevin Haley, director of Symantec Security Response. “People are willing to pay, so the bad guys keep raising the price. We’ll probably see it hit a thousand dollars before 2017 is over.”
Criminal gangs are now capable of pushing their malware to millions of computers a day. In fact, Malwarebytes reports that 60 percent of all malware observed last year was ransomware. Not everyone gets infected, but a lot do.
“It’s a fantastic money maker,” said Adam Kujawa, director of Malware Intelligence for Malwarebytes.
“With other types of malware, a criminal has to deal with collecting personal information like passwords or credit card numbers and then try to resell that in the underground marketplace to other criminals. With ransomware, it’s direct. You infect someone, they pay you directly.”
It’s Going to Get Much Worse
Digital security experts tell NBC News the number of ransomware attacks skyrocketed in 2016 and the sophistication of this malware grew exponentially. And they say it’s going to get worse.
More criminals are expected to shift to ransomware because they can now buy ready-made ransomware software from super hackers. These toolkits make it possible for anyone with basic computer skills to launch sophisticated attacks.
The menace will also grow as new variants of this malicious software are developed that do more than simply encrypt the data. For example, “Jigsaw” encrypts the data and then starts deleting groups of files to put pressure on the victim to pay up quickly. “Chimera” threatens to post the victim’s files online, including pictures and videos, if the ransom is not paid by the deadline.
We may also see attacks on devices that use the Android operating system. Symantec has already discovered ransomware called “Flocker” that can lock Android smart TVs.
With ransomware, the criminals can be anywhere in the world and attack any individual or corporate computer connected to the Internet. A survey by Symantec found that the U.S. was the favorite target with 28 percent of global infections. Canada was a distant second at 16 percent.
Right now, individual computer users are the most likely victims because they tend to have less robust security in place. But as we saw last year, corporate systems are also vulnerable. It’s been reported that hospitals, police departments, colleges, banks, and utilities paid a ransom in order to regain access to their information.
In February, Hollywood Presbyterian Medical Center in Los Angeles paid nearly $17,000 to unlock the hospital’s computer network. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” hospital CEO Allen Stefanek said in a statement at the time.
In late November, ransomware hit the San Francisco Municipal Transportation Agency and disabled the ticket vending machines for Muni light rail.
The Symantec report warns that some ransomware gangs are increasingly interested in hitting businesses and that they’re using “advanced attack techniques, displaying a level of expertise similar to that seen in many cyber espionage attacks.” Businesses are more likely to pay the ransom if they don’t have backup files and can’t get things up and running again quickly.
Would You Pay to Get Your Files Back?
IBM asked 600 U.S. business leaders what they would do if they faced this sort of extortion. The survey results show 70 percent of the businesses infected with ransomware had paid a ransom to regain access to their business data and systems. Half of these companies paid more than $10,000 and 20 percent paid more than $40,000. Other key findings:
- Nearly half of the executives surveyed said their company had experienced a ransomware attack.
- Nearly 60 percent indicated they would pay a ransom to recover data.
- Twenty-five percent said they’d be willing to pay between $20,000 and $50,000, depending on the type of data lost.
Limor Kessem, who wrote the IBM Security report, told NBC News she was surprised to learn how many businesses had already experienced a ransomware attack.
“Ransomware is pretty much the only malware that can impede everything you’re doing,” Kessem said. “It can lock up your devices altogether or it can lock up the data on those devices. And this can paralyze a business.”
Law enforcement discourages victims from paying the ransom, on the grounds that paying encourages more attacks and funds the development of more malware. There’s also no guarantee that once the ransom is paid, the files will be unlocked. But many businesses pay because they’re not prepared and feel they have no other option.
Anyone hit by ransomware should file a report via the FBI’s Internet Crime Complaint Center. The FBI also has tips for protecting yourself and your organization.
Big and medium-sized companies are more attractive extortion victims, since they can pay a bigger ransom. But the IBM report cautions small businesses…