In our 2017 State of Cyber Security Report, F-Secure’s experts, partners and collaborators aim to give you an overview of the Internet as it is now. And if you follow the news, you know that one threat that plagues both individuals and businesses — especially businesses with extremely valuable customer records, like hospitals — is malware that holds your files hostage until you pay off the crooks, AKA ransomware.
You may be wondering, why now? Why are we having such a hard time defending against it? Why is ransomware not likely to go away in the near future? In fact, it’s likely that it will expand into other connected devices, possibly even cars.
Based on the findings of the 2017 State of Cyber Security Report, here are four reasons why ransomware is so good at ripping you off.
- There has been a massive explosion of development
F-Secure Labs has been warning users about ransomware in some form or another for nearly a decade. But everything changed in 2013 with the emergence of Cryptolocker. This new version of an old threat “defined the business model and proved the opportunity,” the report notes. And the results are clear both in the “Tube Map” above from the report that shows the rapid and sprawling development of new ransomware variants and this chart, which shows that new ransomware families doubled in 2014 and 2015. And in 2015 the number of new families increased nearly by a factor of five.
Each new iteration means we have another threat to defend against.
- The Bitcoin Dilemma.
It’s no coincidence that the rise of ransomware came as Bitcoin matured as a digital currency. Untraceable and borderless, it enabled a new industry to explode, an industry that may one day yield billionaires.
Ransomware pricing is like a game from The Price is Right. The criminals want to ask as much as they can, but if they set their sights too high, the fish swim away. At least, when it comes to consumers. When it comes to businesses, loss of access to business-critical data and systems makes it harder to walk away. A recent study by IBM found that while over 50% of consumers said they would not pay a ransom to get their encrypted files back, 70% of businesses that had experienced an infection had paid up.
The price a victim pays for a ransom depends on whether the payment is requested in Bitcoin or a real-world currency such as dollars. Bitcoin prices can fluctuate as much as $100 in a couple of days, meaning that waiting to pay a ransom could mean quite a difference from the price at the time of infection. If an attacker states a demand of $500 worth of Bitcoin, and the Bitcoin price suddenly jumps, by the time the victim figures out how to make the payment, $500 won’t buy as much Bitcoin as before and the attacker may request more.
According to F-Secure’s own unofficial Twitter poll last spring, ransomware criminals might do well to keep their rates on the lower side. While only 8% of respondents said they’d be willing to pay a fee of more than $400 to recover lost data, 29% were willing to shell out an amount under $400.
- Criminals are imitating legitimate businesses.
Ransomware is a trend with staying power thanks to finding a business model that works. The promise of unlocking encrypted files is a clear benefit, and too often it’s the cheapest, most efficient option for affected organizations. But they’ll only pay if they have some trust that they will get what they pay for. This requires criminals to actually think about their reputation, the way any retailer might.
A successful business model isn’t the only concept that ransomware has borrowed from traditional business. Its perpetrators have also seized on the idea of the customer journey. Ransomware families have evolved to offer customer-friendly features to guide their victims in making the Bitcoin payment. “Personal” webpages in several languages. Helpful FAQs. Free trial decryption for one file. And support channels where “customers” can get in touch with the crooks.
How good is ransomware customer service? To find out, we reached out to the criminals behind five active families via their support channels. Full details of the research can be found in our report, Evaluating the Customer Journey of Crypto-Ransomware.
- You don’t have good backups.
Ransomware works because people need their files. It wouldn’t work if everyone had real backups. And as F-Secure Chief Research Officer Mikko Hypponen explains, “Backups are not backups until you’ve tried the restore.”
And here are other ways you can avoid being ripped off by ransomware.