Ransomware

By Daniel Bloom

Ransomware is a term that is becoming more well known and popular in the collective consciousness of society. What was once confined to the realm of IT nerds has now made its way into the common vernacular due to growing incidents involving this type of malware. The reasons for this are manifold, but primarily centre around society’s increasing reliance on technology and the interconnectedness of the systems that comes with this. The watershed moment for ransomware came in 2017, when the now-infamous WannaCry ransomware made its way around the world. WannaCry severely impacted a range of different sectors and industries across 150 countries, shutting down their IT systems and causing chaos and damage estimated by Symantec to have cost $4 billion in damages. However, far from being the peak of the ransomware wave, there was a 53% increase in these attacks from January 2021 to March 2021 and the proliferation of ransomware attacks shows no signs of abating.

What is Ransomware?

Ransomware is a type of malware that, when opened on a computer, leads to the encryption of the victim’s data. The victim is then prompted to pay a ransom to decrypt and restore their files. This fee is typically paid through Blockchain currency due to its relatively difficult traceability. These can be anywhere in the range of $300 to a maximum payout of $40 million, that was paid by an insurance company in 2021. The demanded ransom is typically dependent on the target of the malware. Since earlier incidents targeted individuals, these were lower. However, in 2020 the average payout skyrocketed to a reported $170,404. Large corporations and businesses have been increasingly targeted due to the large payouts that can be elicited from them, in conjunction with their increasing willingness to pay such sums of money. This is a significant factor in the popularity and persistence of incidents of ransomware. It offers a low risk and high reward strategy for criminal networks, with a relatively low barrier to entry due to the relative simplicity of ransomware, and corporations having large incentives to pay when a cost analysis is applied to their loss of business versus the cost of the ransom. Their increased occurrence has even led to the blossoming of specific branches of cyber security that exclusively deal with ransomware attacks. A popular strategy is to negotiate the ransom with the criminal groups in order to mitigate costs. The alternative to not paying is that a company could permanently lose access to all of its systems, with the resulting damage far outweighing the cost of the ransom. Alongside the potential loss of its IT systems, a business must likewise factor in the loss of productivity as a result of the downtime, the wasted man-hours, the reputational loss it might incur due to a breach of its systems, and the regulatory penalties it might suffer from potential data leaks.

Where does it come from?

There is a whole variety of potential actors that are involved in the proliferation of ransomware. On one end of the spectrum, there can be individuals with relatively little knowledge and resources, who have very little organization or overarching ambitions. Whilst these lone actors might only be seeking financial gain, it has emerged that those involved in earlier incidents of ransomware were motivated by the desire to promote anarchy in the system and cause widespread destruction. On the other end of the spectrum, there can be highly organized and very sophisticated nation-state actors, who are involved in complex and multi-faceted uses of ransomware. Their aims range from causing damage to critical infrastructure to extorting money for financially crippled regimes, with North Korea being accused of the 2017 WannaCry attack, in an attempt to enrich its state coffers. Then there is everything in between these extremes, with a large proportion of ransomware attacks being carried out by organized criminal groups, whose sole intention is financial gain. For example, the Ryuk ransomware which appeared in 2018 has been attributed to a Russian-speaking group which made $61.26 million through its propagation. There have also been reports of cyber criminals releasing affiliate business models based on ransomware, in which a group releases their own proprietary software in return for a percentage of the profits.

What’s in its future?

It seems highly unlikely that ransomware attacks can be permanently eradicated. Even if the government were to significantly increase its cyber security spending and proactively focus on prevention, the evolving nature of technology means that there will always be new threats and new methods to exploit IT systems. Therefore, to prevent incidents of ransomware attacks, it is important to focus on educating computer users in keeping their systems up to date and safe internet habits. The increasingly interconnected future of technology is likely to see further ransomware attacks and also incidents of other malware that can have catastrophic effects on society. In order to deal with this evolving threat, society too must adapt to and overcome these threats. With the increasing use of technology must come an increasing awareness of the dangers it brings and personal responsibility for one’s safety.