Discover the past, present, and possible future of this costly cybersecurity trend.
Everyone has heard the term “ransomware” and knows that it’s definitely not a good thing. But do you really know what ransomware is?
Ransomware is malicious software that encrypts the user’s files after being installed without the user’s knowledge. The user’s data is then held for ransom where the attacker will demand the user pay a fee in exchange for the secret software key.
When the attacker encrypts the user’s data, they’re actually converting readable data to unreadable code using a secret software key. That software key is the only thing that can decrypt the data back to a readable format, thus why it’s so valuable to the user and why attackers demand money in exchange for it – and almost always receive payment.
Ransomware causes immediate fear and panic once users realize what has happened. Users do not want to lose valuable data and often don’t know the best way to pay for the safe return of their data. Ransomware is so effective for the attacker because the encryption is nearly impossible to unlock without paying for the secret software key.
Where We Were – A History of Ransomware
Today we joke about people being silly enough to fall for an email from an overseas prince asking for your banking information in order to send some surprise inheritance or donation. When the Internet first gained momentum, phishing emails seemed to be the biggest threat.
But did you know that ransomware also is not new? The first documented ransomware attack occurred in 1989 and targeted the healthcare industry. According to a Becker’s Hospital Review, the attack began when Joseph Popp, PhD, an AIDS researcher, “distributed 20,000 floppy disks to fellow AIDS researchers in 90 countries claiming the disks contained a computer-based application that gauges a person’s risk of contracting AIDS based on a questionnaire.” Dr. Popp actually infected the disks with malware that demanded up to nearly $400 for a “software lease” that would return the computer back to normal.
Ransomware continued to gain momentum and became much more sophisticated and common around the mid-2000s. It has remained one of the top cybersecurity threats to both organizations and individuals since that time.
Where We Are – What Ransomware Looks Like Today
As of 2020, ransomware attacks are still on the rise. According to a recent Malwarebytes report, ransomware attacks increased 195% in Q1 2019 compared to Q4 2018. And the 2020 Verizon Data Breach Investigations Report (DBIR) notes, “At least one piece of ransomware was blocked by 18% of organizations through , even though it presented a fairly good detection rate of 82% in simulated incident data.”
While ransomware is being blocked often, it’s also happening often, and it’s likely occurring a lot more than it’s being caught.
The report attributes the continued presence of ransomware attacks to how easy it is for attackers to begin a ransomware attack – some attackers even outsource the work to others by “renting” the service and receiving financial gains after successful attacks occur. Plus, mobile banking, wire transfers and money transfer apps, and the onset of cryptocurrency like Bitcoin also make ransomware an ideal option for cyber attackers, especially since Bitcoin payments can’t be stopped or retracted once sent.
Where We’re Headed – The Future of Ransomware
No cybersecurity expert can predict the future, however the rise in ransomware attacks in recent years, along with the ease of execution by attackers and consistent payment by victims likely means we haven’t seen the last of ransomware as a threat.
The 2020 Verizon DBIR data also indicates that ransomware is “a big problem that is getting bigger, and the data indicates a lack of protection from this type of malware in organizations.”
Keep in mind that victims of ransomware have the option to not pay the fee but will spend time and money rebuilding their business’ data repository, or simply have to do without certain data. It’s important to note that even if you pay the ransom, you might not receive the decryption key. However, the ransomware business is clearly easy to execute, and it behooves attackers to provide the secret software key in order for future victims to trust that payment will result in safe return of their data.
The human factor will always be a trigger for ransomware, and a reason why it’s still such a lucrative business for cyber attackers. The good news is the increase in awareness of ransomware means cybersecurity experts can continue to develop ways to proactively combat the threat and will keep reacting to ransomware incidents more effectively if and when they occur.