Imagine opening your laptop one morning and discovering all your documents and photos are encrypted — but not by you. A message on the screen in broken English demands a ransom to unlock your files. It's a horrifying scenario that is far too real for many people.

In the past few years, ransomware attacks have increased as people have moved from physical record keeping to digital storage for critical documents and treasured photos. Take a look at the history of ransomware, how it impacted users in the past year, and what you can expect in the future.

The basics

Ransomware is a type of malware designed to hijack computers so hackers can force victims to pay a ransom to regain access. It can infect your computer when you download an innocent-looking email attachment or visit a website that surreptitiously executes malicious code; the malware then encrypts critical files or denies access to the computer. Two main forms of this malware are currently widespread:

  • Blocker ransomware, also known as locker ransomware, locks users out of basic computer functions. For example, it might deny access to your desktop by partially disabling files the computer uses to boot. You could still use your computer to pay the ransom, but otherwise it would be useless. The good news? Locker malware typically avoids encrypting critical files in favor of simply locking you out, meaning there's less chance of total data destruction.
  • Crypto ransomware encrypts your critical data — documents, photos, and videos — while leaving more basic computer functions untouched. Crypto creators often include a countdown in their ransom demand. If you don't pay by the deadline, all your files are deleted. Many users ignore or don't understand the importance of backing up files to an external storage device, so they often choose to pay the ransom because they can’t see any other way of getting their files back.

The first modern ransomware emerged in 2005 in the form of Gpcode, but it’s only in the last few years that the problem has reached epidemic proportions. In 2016, 60 percent of the security professionals surveyed by Ponemon Institute said they saw an increase in ransomware infections, and the companies they work for averaged 26 ransomware attempts each week [1]. A Google study found that over the last two years, ransom malware attackers received $25 million in ransoms [2].

In 2017, several new ransomware infections spread across the world.

  • WannaCry began infecting computers in May and quickly spread worldwide. It even appeared on government networks in the UK and Russia. The malware demanded $300 in bitcoins from its victims. To make matters worse, users reported they did not receive their data, even after paying the ransom [3].
  • Petya first attacked computers in 2016, and cybercriminals continue to use it in orchestrated attacks that deny victims access to their computers. The malware encrypts the part of the hard drive that manages file location and prevents the computer from booting up, making the computer and its files inaccessible [4].
  • Bad Rabbit gains access to computers when users download what they think is an installer for Adobe Flash. Once it activates, it tries to spread to other devices on the network, guessing passwords to gain access. Bad Rabbit encrypts both user files and the computer’s boot files. It demands about $280 in bitcoins to be paid on a website accessible through the Tor browser [5].

Victims often wonder if they're better off paying the ransom to ensure data is returned. In the past, law enforcement agencies have supported this: at the 2015 Cyber Security Summit, Assistant Special Agent Joseph Bonavolonta of the FBI advised companies infected with malware to pay ransoms. According to Kaspersky Lab, however, that's a bad idea. First, there's no guarantee cybercriminals will keep their word and decrypt your data. Second, the more money they earn, the more likely they are to try again. Finally, both security firms and law enforcement organizations are working hard to find and post valid decryption keys. It's definitely important to check the web for possible solutions before shelling out cash.

The future of digital extortion

This year certainly won't be the last for ransomware, so what does the future hold for digital extortion? Smart home devices and internet-connected vehicles are tempting new targets. A ransomware attack could lock people out of homes with smart locks, turn the heat up with smart thermostats, and threaten to crash a connected car. Ransomware could also target network-connected pacemakers, implants, and health monitors. The Internet of Things (IoT) offers a host of possibilities and is short on security standards.

Ransom malware is here to stay. Its targets may change, but the method is tried and true. If you're infected, try not to panic. Look for help online, don't pay up, and consider the use of real-time security protection to help detect and quarantine ransom threats before they lock you out.

References

[1] https://www.ponemon.org/local/upload/file/Ransomware%20Report%20Final%201.pdf

[2] http://www.bbc.com/news/technology-40737060

[3] https://www.newscientist.com/article/mg23431263-500-ransomware-attack-hits-200000-computers-across-the-globe/

[4] https://mobile.nytimes.com/2017/06/27/technology/ransomware-hackers.html

[5] https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/