Why do we see a rise in Ransomware activity in the last years? Here are just a few reasons why this new type of cyber-threat has become so popular:
- Anonymity
Ransomware is a criminal phenomenon, people go to jail for this type of crimes, thus, to avoid being caught is every cyber-criminal's first prerogative. They need to know they are not going to be easily identified. This is the reason why the rise of Bitcoin comes to their aid. Bitcoin has become an efficient and more accepted form of payment. Attackers prefer a currency that does not involve financial institutions, both for being difficult to trace and for international currency purposes. These requirements are met by Bitcoin. These type of transactions are not anonymous but require significant effort to be accurately traced and can even be “laundered” as money is. This allows the payment of ransom with low risks of being detected by authorities. Deep web provides a good protection level against IP tracking as well, making it difficult for authorities to pinpoint the attackers.
- Encryption
Cybercriminals want strong encryption to prevent users from recovering files unless they pay a ransom. It is only recently that higher-level encryption technology such as 2048-bit version of the RSA cryptographic algorithm, has become widely available. Asymmetric (public key) encryption works well even on the legacy machines in use. Many of the recent generations of ransomware use a combination of symmetric and asymmetric encryption. Symmetric encryption is fast. This is an advantage because it has a higher probability of completing encryption before the infection is discovered. If the victim discovers the symmetric key before encryption is complete, the data can be decrypted. Asymmetric encryption is slower, but more secure. Attackers can encrypt the victim’s files rapidly using symmetric encryption and then employ asymmetric encryption to encrypt the symmetric key. As a result, the more secure, but slower asymmetric method is needed to encrypt only one file.
- Profit
Truth of the matter is there is money to be made. Cyber criminals know this is a lucrative business model. In 2016, the overall ransomware “business” reached almost 1 billion dollars. For 2017 experts estimate it will reach 4 billion dollars worldwide. It looks like ransomware as a phenomenon will go into a snowball effect. Once hit, restoring data is most times, much more expensive than just decrypting the data encrypted by the attackers. That is the reason many institutions, once breached, do a cost comparison and decide to pay the ransom
- Availability
Attackers no longer need to be tech-savvy since most ransomware is available as packaged exploit kits. A simple google search can make all the information available to have the software up and running in minutes. Going on the deep web offers a good protection and prevents detection by IP. The young generation is IT savvy and many can be easily influenced to take the wrong path towards making an easy buck. Even more, with ransomware-as-a-service type of offers, anyone can do it, with little to no financial investment upfront. Cyber-criminals get the package, get clear instructions of how to deploy it and even 24/7 customer service. Sadly, it is that simple.
I am sure there are many other reasons that I have not mentioned in this article, but the bottom line is, our cyber-security is at risk, more and more, every single day. We can choose to be proactive about it or we will have to be reactive, after the fact and suffer the consequences.
About the author:
Ioan Hipp is not a mathematical genius, he is not a world renowned expert or a prominent figure in the cybersecurity industry. He is just a passionate person on the new cyber world that our IoT is developing into, a storyteller and a contributor to a better society.