Security Trends in 2016: The Problem Of Ransomware
Ransomware is a specific type of malware that encrypts important information and keeps it encrypted until a ransom (typically money) has been paid. Until very recently, ransomware was not a widely used type of malware, but it has absolutely exploded in popularity in the past few years. SonicWall reported 3.8 million ransomware attacks in 2015 and then 638 million attacks in 2016! That's 167 times larger...in just one year. If ransomware is growing this quickly, then it's fair and responsible to talk about it and figure out what to do if you ever get attacked with it.
Ransom (noun): money that is paid or demanded for the release of someone or something from captivity
The following graph shows various examples of ransomware over time. Notice the concentration in the past few years. This shows that many attackers are focusing their coding efforts on ransomware, and would-be criminals have a seemingly endless selection from which to choose.
Why the sudden rise in ransomware, you ask? Great question. The answer: it works, and it's lucrative. In 2016 alone, an estimated $1 billion was paid out in ransomware fees. Ransomware has always been a technical option for attackers (it's not entirely hard to plant malware on someone's computer and encrypt a bunch of their files), but the main problem arose from the payment part of the ransom. In years past, attackers didn't have a convenient and reliable way to anonymously accept ransom payments. Now they have a very easy way to conduct anonymous financial transactions online...it's called Bitcoin. Bitcoin plays a huge role in ransomware because it is both anonymous and popular as a form of online payment. Before Bitcoin, it was nearly impossible to accept payment for the ransom without getting caught. Now, you can exchange money via Bitcoin and no one can track it. Since anonymous payment options are available and ransom malware is easily accessible, ransomware has become a very popular tool for attackers.
When a person or company is the target of ransomware, the fundamental decision for that person or company centers around the payment of the ransom. Do you pay or not? If you don't pay, you definitely won't get your data back. And even if you do pay, there's no guarantee that you'll get your data back. In 2016, less than half of all companies that were attacked actually recovered all of their data. It's good to discuss these decisions prior to getting attacked. Here are some recent examples of companies that were attacked and chose to pay the ransom:
- Feb 2016 - Hollywood Presbyterian Medical Center in Los Angeles paid 40 Bitcoin ($17,000 at the time) to get its data back.
- April 2016 - The Lansing Board of Water & Light (BWL) paid $25,000 to get their data back.
- May 2016 - Kansas Heart Hospital was attacked and paid the ransom, only to have the attackers demand more ransom and still not give access to their data.
- September 2016 - Hosted desktop and cloud provider VESK paid 29 Bitcoins (about $23,000 at the time) to get their data back.
- November 2016 - Hackers demanded 100 Bitcoins (about $73,000 at the time) from the San Francisco Municipal Transit Authority to get their systems back online.
- December 2016 - The Cockrell Hill Police Department was attacked with ransomware and the demand was $4,000 in Bitcoin.
I could go on with many more examples, but you see the point. Ransomware attacks are on the rise, and you need to be prepared for one. In just about every one of these cases, the ransomware was planted via a malicious file attached to an email or website. The old advice of "don't open suspicious attachments" and "don't click on suspicious links" still completely rings true today. It's also a great idea to have backups of all your data, and those backups should be stored in a way that makes it difficult for the ransomware attackers to reach the backups if/when they successfully breach your network. Finally, if you ever fall victim to ransomware, call the FBI so they can try to decrypt the data and chase after the attackers...although they might tell you just to pay the ransom.
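As an added example (not part of the original article and not an F5 product feature), here is a defender-side heuristic in Python that flags the file-activity pattern the article describes: a single process rewriting many files with ciphertext-like (high-entropy) content within a short window. The process names, paths and events are constructed, and the thresholds are assumptions to tune against your own endpoint telemetry.

```python
import math
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: encrypted or compressed output sits near 8.0, plain text far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_suspicious_processes(events, window_s=60.0, min_files=5, entropy_min=7.0):
    """events: iterable of (timestamp_seconds, process_name, path, bytes_written).

    Returns {process: peak number of distinct files that received high-entropy
    writes inside any window_s-second window}, keeping only processes that reach
    min_files. A single archive or backup job touches one or two files; ransomware
    rewrites whole directory trees in seconds, which is what this catches.
    """
    by_proc = defaultdict(list)
    for ts, proc, path, data in events:
        if shannon_entropy(data) >= entropy_min:
            by_proc[proc].append((ts, path))
    flagged = {}
    for proc, writes in by_proc.items():
        writes.sort()
        peak = 0
        for i, (start, _) in enumerate(writes):
            in_window = {p for ts, p in writes[i:] if ts - start <= window_s}
            peak = max(peak, len(in_window))
        if peak >= min_files:
            flagged[proc] = peak
    return flagged


# Constructed sample events (not real telemetry). CIPHERTEXT_LIKE has entropy exactly 8.0.
CIPHERTEXT_LIKE = bytes(range(256)) * 4
PLAIN_TEXT = b"Quarterly report: revenue grew 4% over the prior period.\n" * 20
SAMPLE_EVENTS = [
    (0.0, "winword.exe", "C:/Users/amy/report.docx", PLAIN_TEXT),          # ordinary document save
    (2.0, "7z.exe", "C:/Users/amy/archive.7z", CIPHERTEXT_LIKE),           # one compressed file, benign
    (3.0, "backup.exe", "D:/backups/2016-12-01.bak", CIPHERTEXT_LIKE),     # one backup file, benign
] + [
    # hypothetical dropper from an email attachment encrypting six documents in six seconds
    (10.0 + i, "invoice_scan.exe", f"C:/Users/amy/Documents/file{i}.docx.locked", CIPHERTEXT_LIKE)
    for i in range(6)
]

if __name__ == "__main__":
    print(find_suspicious_processes(SAMPLE_EVENTS))  # {'invoice_scan.exe': 6}
```

Feeding the same function real file-write events from an EDR or Sysmon-style stream turns it into an early-warning check; pair it with offline or immutable backups so that a detection is followed by a restore rather than a ransom negotiation.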
- Harry1 (Nimbostratus)
Nice article John. Could you please let me know if there is any component or feature in the F5 bucket to protect against these types of attacks?
- ltwagnon (Ret. Employee)
Hi Harry! Like most malware attacks these days, it all starts with end users who follow safe practices when clicking on links, opening email attachments, etc. But, there are also some great products out there that help with this problem as well. The BIG-IP Secure Web Gateway is a great tool you can use to help end users stay safe. Here's a link to find more information: https://f5.com/products/big-ip/secure-web-gateway-services-swgs