There is plenty of evidence to suggest that ransomware attacks are getting bigger and more sophisticated. In the space of just a few years ransomware has gone from a minor irritation for PC users to being a significant threat to large corporations and even nations. Major cybercrime gangs are looking to cash in on attacks, and state-backed attackers have realised the potential for creating both chaos and profit.
A few examples of the scale of the ransomware problem:
- WannaCry, the biggest cyber incident of 2017, with more than 300,000 victims in over 150 countries, was a form of ransomware most likely unleashed by North Korea (it was rapidly followed by NotPetya, an attempt by the Russian authorities to cause havoc in Ukraine with ransomware which rapidly spread beyond those borders).
- Earlier this year the authors of one ransomware strain announced they were retiring because they had already earned $2 billion. “We have proved that by doing evil deeds, retribution does not come,” they said at the time.
- The past summer of ransomware has seen dozens of small towns and cities across the US hit; many have been forced to pay out tens or hundreds of thousands of dollars in ransom to get their systems up and running again.
Ransomware is now the defining internet crime of our current age. It’s the inevitable consequence of the corporate world’s obsession with hoarding as much data as possible, about anything and anyone, and its relaxed attitude towards keeping that data safe.
Businesses have been urged to gather up every bit of data about every customer engagement, every supplier interaction, in the hopes that it can be trawled by artificial intelligence and big data technologies to provide insight and direction. But for many organisations the security of that data remains an afterthought at best. That leaves many in the situation of having vast piles of sensitive information but no guidelines for keeping it safe. If organisations aren’t sure why they’re collecting data they won’t be clear about why they need to protect it, either.
In another twist, ransomware uses encryption, one of the key technologies we use to do business and communicate online, as a tool to lock away data from its rightful owner.
In some respects, the solution to ransomware is relatively simple. Basic internet security hygiene will prevent the vast majority of attacks before they have a chance to gain a foothold. A few of the most obvious steps to take:
- Train staff to recognise suspicious emails.
- Apply software patches to keep systems up to date.
- Change default passwords across all access points.
- Use two-factor authentication.
- Understand what your most important data is and create an effective backup strategy.
- Have a plan for how to respond to a ransomware attack – and test it.
Sadly, there will still be organisations large and small that fall victim to ransomware, as gangs become more sophisticated in how they work. Managed service providers and network attached storage are among the recent additions to the ransomware gangs’ targets; they won’t be the last.
There’s every sign that this is an epidemic that will get worse, not better. The willingness of victims and their insurers to pay out means more crooks will be tempted to try their hand. Ransomware-as-a-service kits mean even wannabes with limited skills can try their hand at running a scam. While some law enforcement agencies have done a good job of providing the tools to let victims decrypt their systems, few ransomware gangs have faced justice.
Already there are fears that ransomware could be used against voter databases in the run-up to the 2020 US presidential election. A ransomware attack which makes it impossible for some people to cast their vote would have huge consequences. And it’s hardly implausible to see criminals and state-backed hacking groups trying to expand the use of ransomware across more devices and scenarios in the near future. As we get more reliant on everything from smart cities to driverless cars, the risks get greater.
Ransomware offers crooks a vast number of potential victims, which they can target with a cheap-to-deploy scam with a big payday and very little chance of getting caught. Perhaps the real surprise is not that there are so many ransomware attacks, but that there are not many, many more.
ZDNET’S MONDAY MORNING OPENER
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet’s global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.