Ransomware encrypts computer files and is used by hackers who then demand money in exchange for freeing the content. It is becoming a huge problem globally. The costs of unlocking data vary, with individuals typically paying a few hundred dollars to a few thousand for businesses.
In May, the FBI issued a warning saying that the number of ransomware attacks had doubled in the past year and was expected to grow even more rapidly this year. It said that it had received more than 2,400 complaints last year and estimated losses from such attacks at $24 million for individuals and businesses.
Governments, large companies, banks, hospitals and educational institutions are all among the victims of such attacks.
There are new variants being written all the time and ransomware writers will indeed take the time to dissect and understand how this new technology operates, creating versions that will attempt to either bypass detection, or at the very least search more effectively for likely sensitive files, before encrypting them, with the hope of having the biggest impact of securing a ransom payment.
There are now more than 120 separate families of ransomware, said experts studying the malicious software. Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims.
The rise is blamed on the appearance of freely available source code for ransomware and the debut of online services that let amateurs cash in. Ransomware is easy to use, low risk and offered a high reward. The return on investment is very high.
A separate indicator of the growth of ransomware came from the amount of net infrastructure that cyber gangs behind the malware had been seen using. Per Infoblox, the numbers of web domains used to host the information and payment systems had grown 35 times in the past year.
Cyber gangs have their own command and control infrastructure and they might use it to generate domains for a campaign. Then they'll have some kind of payment area that victims can go to.
The spread of ransomware was also being aided by tricks cyber-thieves used to avoid being detected by security software. Traditional anti-virus software is not effective in dealing with these types of attacks.
Cyber gangs behind the most prevalent ransomware campaigns had gotten very good at hiding their malicious code.
Ransomware also reaches victims via spear-phishing campaigns or booby-trapped adverts.