The US Federal Bureau of Investigation (FBI) has announced that it expects ransomware to become a US$1 billion business, MSNBC has reported.
Perhaps more worrying is the rate at which ransomware attacks are becoming more lucrative. In 2015, the FBI reported losses of US$24 million. But in the first quarter of 2016 alone, losses of US$209 million were reported. According to the FBI, that may well end up exceeding the US$1 billion mark once all the damage is accounted for. The trend doesn't look like it's stopping as we head into 2017 either.
Ransomware represents a stark intervention in cyber-crime, Richard Walters, SVP of security products at Intermedia, told us: “The emerging malware is no longer infiltrating one computer at a time; it's threatening to take entire businesses offline for extended periods of time. Now more than ever, companies need to prepare for a ransomware attack by implementing fully-baked business continuity plans that incorporate off-site, real-time cloud backups. This ensures file archives can't be deleted and employees can access clean versions of the files on another device.”
While previous generations of cyber-criminals might have been interested in stealthily infiltrating a network and making off with the loot before anyone could notice, ransomware wants to be as loud as possible. More than that, its critical quality is to paralyse a system and let its unfortunate victim know it's there.
It also doesn't need any great level of sophistication to be effective. Ransomware rarely requires communication with a C&C server as so many kinds of malware do. It merely encrypts files and sends the victim a message saying where they can go to pay the ransom and receive the decryption key.
Despite near-constant warnings not to pay up, for fear of enabling the success of the ransomware industry, many still do. A recent study by IBM showed up to 70 percent of organisations affected had paid ransoms to stop the crippling effect of a successful ransomware infection. The same report stated that many would pay the ransom if the price was right, showing that some see that decision as a business cost as opposed to a security hazard.
The FBI's recent admission notwithstanding, much of the cyber-security industry has been talking about this growing threat for a long time. In September 2016, Intel Security released a report saying that ransomware was up 3000 percent since records began in 2012. Increasingly, attackers are setting their sights on ever more critical targets such as infrastructure and healthcare.