2016 Will Be Known As The Year That Ransomware Hold Us Hostage

This is a post series on cyber crime. For more posts click here or the cybercrime tag below.

The economics of ransomware. It’s an extortion racket without all the usual limitations of such things.  The entry costs are low as are the risks. Which is the problem.  $2500 to possibly get back 2 million is a huge return. Unless something changes, this is only going to get worse.

Cybercriminals create the demand by restricting access. Victims realize they need access and­—if they cannot get access themselves by restoring critical files from backup—they end up paying the ransom and fueling this economy. This applies to online consumers, small business owners, and CEOS—they have all paid to retrieve data.

It’s interesting to consider the ransomware economy in the following five segments:

1) Investment 

Cybercriminals leasing ransomware can obtain it for as little as $39 and as high as $3,000 depending on which type is purchased. They must then distribute it. Distribution costs include time spent creating and sending emails. According to Trustwave, an IT security team that spent time trying to dissect the ransomware economy, it would cost about $2,500 to spread 2,000 ransomware infections once you factor in the time to send emails and compromise sites.

2) Pricing 

Ransom demands in the United States have been known to be several hundred dollars higher than the same ransomware in Mexico or other countries with lower median incomes than the U.S. Ransomware authors have researched regions and incomes—and they understand that they can only charge what the market will bear. Ransomware authors also consider the bitcoin exchange rate when determining the ransom demand. This helps cybercriminals set a ransom that victims can afford to pay regardless of which country they’re from. In the U.S., the average ask is between $300 and $500, according to many industry sources.

3) Target market 

The target market for ransomware consists of consumers and companies that retain important or business-critical information, and have the ability to pay the ransom. Unfortunately, these people also typically aren’t adhering to IT security best practices. Hospitals and other healthcare organizations are a popular target for cybercriminals because of the pressure to pay up quickly, rather than risk patient health.

4) Revenue 

Estimates as to how much has been paid in ransom tend to be conservative because many payments are undisclosed. That said, The U.S. Departments of Justice Internet Crime Complaint Center received reports of ransom payments totaling $24 million in 2015. And in July 2016, ransom payments for Cerber ransomware alone totaled $195,000 for the month. But the market is growing exponentially, and the FBI has said ransomware costs could total $1billion this year.

5) Competition 

The relatively low barrier to entry has resulted in fierce competition among cybercriminals. Some ransomware authors and cyber-extortionists have even adopted higher levels of professionalism to make it easier for victims to pay up. And, in an interesting angle to the supplier side, ransomware kits are easily available and come with simple instructions, meaning that distributors can sell ransomware to new, smaller distributors—as long as they are guaranteed a piece of the profits.

The ransomware economy is booming and returns are high. That means you can expect the number of ransomware attacks to continue rising. Protect yourself by having adequate backups in place before a ransomware attack occurs. Test your backups to ensure that the right data is being protected and can be restored in satisfactory time frames. Also, ensure that a backup copy is kept in a different location from production data so that ransomware does not infect both at the same time.

The Economics of Cybercrime: Understanding the ransomware market

This ties right into a central point of this series.

http://www.cnsnews.com/news/article/barbara-hollingsworth/tech-group-warns-2016-will-be-year-ransomware-holds-america

Here’s some more links.

Ransomware Attacks on SMEs Increases Eight-fold

http://arstechnica.com/security/2016/11/indiana-county-government-shut-down-by-ransomware-to-pay-up/

https://www.scmagazine.com/report-ransomware-will-wreak-havoc-on-critical-infrastructure/article/528914/

http://www.businessinsider.com/malwarebytes-ransomware-study-city-of-london-2016-10?r=UK&IR=T

Ransomware Attacks on SMEs Increases Eight-fold

A ransomware PSA.

They need to run it in their own offices.

http://www.forbes.com/sites/leemathews/2016/11/10/22-million-government-workers-being-targeted-by-ransomware-attack/#1268151756ad

The week in ransomware.

http://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-11th-2016-noobcrypt-fsociety-gingerbread-and-more/

 

Advertisements

One comment

  1. penneyvanderbilt · November 13

    Reblogged this on Crazy Pasta Child.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s