What is Ransomware?

Introduction to the Ransomware Problem

On May 12th 2017, Europe, along with much of the world, was struck by a massive cyber attack. It called itself ‘WannaCry’, and did huge amounts of damage. WannaCry was a piece of ‘ransomware’ – a word we are getting more and more used to hearing through the media. WannaCry took 200,000 computers within its first few hours – including those in major organisations such as Renault and the NHS. Only weeks later, another attack came from something called ‘Petya’, which attacked companies all over Europe, and particularly in Ukraine. This has been a trend for the last few years, seemingly getting worse and worse. However, this is just the public realisation of a longer-term problem, and it is one that does not look to be going away anytime soon.

What is Ransomware?

Ransomware is a kind of malware which locks your computer and prevents you from accessing your data until you have paid some kind of ransom, usually demanded in bitcoin or another cryptocurrency. It is a form of digital extortion, and it has been around for a long time. However, in recent years, hackers have made use of advances in cryptolocker technology to make their ransoms much more effective. Their programs can now hack mobile phones just as easily as computers. The FBI put out an alert this year to warn that hackers demanding a ransom are on the rise worldwide.

Where did it Come from?

The spread of ransom-demanding technology is older than you might think – the first attempts were spread by floppy disk in the 1980s, and demanded money be sent through the mail. It was the evolution of cryptocurrencies such as Bitcoin that encouraged the boom in such technologies. Encryption algorithms have helped to make demanding a ransom easier to carry out and harder to catch, to the extent that it is now the most popular form of cyber crime. In the past, most ransom-demanding infections spread from Russia, and this is still largely the case, despite the recent spread to other countries.

Ransomware Today

In 2012, the cyber defence company Symantec managed to access a server used by hackers who use the CryptoDefense malware. They estimated that the hackers infected about 5,700 computers a day, with around 3% of victims paying the ransom. This meant, with an average of $200 spent by each victim, that they stole around $34,000 every day. Symantec estimates that hackers make perhaps $5 million a year from extortion (at a conservative estimate). To make it worse, there is no guarantee that paying will end your problems. Many of the extortionists never intend to restore access to your computer once you have paid. Hackers are increasingly attacking public services, such as police departments, local councils, schools and even hospitals. They are perhaps motivated by the greater likelihood of businesses paying out than private individuals. One other potential motivation is political. It cannot be ignored that hackers are increasingly being state-sponsored by particular regimes, in an attempt to damage infrastructures.

What to Look Out for

Ransom-demanding attacks are not entirely predictable. Companies can be targeted, while private individuals tend to stumble across them. Individuals are most often attacked due to their own negligence – out-of-date software, a lack of cyber protection and poor online safety awareness are a recipe for being attacked. Businesses are attacked because ransomers know that they are more likely to be paid if they can disrupt a major business as much as they can. Businesses are complex, and feature many different machines and levels of protection, making them more at risk. For the private individual, staying away from at-risk sites and not clicking adverts claiming to represent local law enforcement agencies, along with keeping protections up to date, is a good start.

An Unstoppable Menace?

The future is unlikely to see the immediate end of ransom-demanding technologies. Hackers will likely continue to attack at-risk targets while they are not properly defended. However, there are things that can be done. Making sure people are aware of the risk of such attacks, and preparing proper plans to defend against them, are invaluable in the struggle to stop ransom attacks.