Ransomware

We’re under attack!

If you keep up-to-date on tech news, ransomware won’t be new to you, but many of us don’t realize that 2017 saw millions of dollars paid to cyber criminals by companies and individuals. At its most basic, ransomware is like a virus that can get into your computer, system, or database, and encrypt your files so you can no longer read them. The ransomers then ask for money in return for the encryption key. To add to the indignity, some of them will also include a creepy clown photo or threats of physical violence.

In addition to making money, some malware uses ransom as a distraction while another program irrevocably erases your hard drive. Programs like WannaCry, Petya, Cerber, Cryptomix, Jigsaw, and Bad Rabbit should be household names for all the trouble they’ve caused. Just a few weeks ago someone targeted the Sacramento Regional Transit and deleted 30 million files.

You don’t have to be a computer genius to launch an attack. The Dark Web currently has about 45,000 ads for ransomware for sale. A lot of it is designed to hit regular citizens. Since many of us blend our business and personal communications, the attacks can get pretty awkward. 59% of people attacked said they paid the ransom out of their own pockets (only 37% of ransoms were paid by their bosses), with payouts averaging $1,400.

Then of course there are the big attacks. The CEO of South Korean web design company Nayana was forced to pay $1 million (converted into Bitcoin) to attackers when they stole his customers’ information this year. In fact, he negotiated the ransom to an amount he could conceivably pay without going bankrupt (he’s now basically on a ransom payment plan, having already made two payments). Ransoms are often paid in Bitcoin because it is protected by blockchain technology, so there’s no way to trace the money. Over the summer, Russian and Ukranian companies were hit particularly hard by an attack that also took a swipe at FedEx and pharmaceutical company Merck. It crippled Ukraine’s central bank as well as its postal service and took down computers at the Chernobyl nuclear site.

Google found evidence that attackers have made about $25 million over the last two years, enough to make it a profitable business venture. A more pessimistic look at the data suggests it’s more like a billion dollar business. Tech websites now put out monthly, even weekly, updates on attacks around the world. If you think you don’t need to be concerned, just remember they’ve already infiltrated bank accounts and medical records worldwide.

Resources: