On Thursday, the FBI disclosed to The Wall Street Journal that the number of Americans being hit with ransomware - that is, computer malware that encrypts users' files and keeps them locked unless the users pay ransoms to criminals - is increasing, and likely to continue to grow throughout 2016.
According to data from the FBI's Internet Crime Complaint Center, in 2015 there were 2,453 reported ransomware incidents versus only 1,838 in 2014. Overall, losses in 2014 amounted to $23.8 million and grew to about $24.1 million in 2015, meaning that while actual losses are increasing, there is at least some glimmer of hope in that the average loss per incident has dropped. (Loss figures include lost productivity, etc. and are typically far larger figures than those of just the ransoms.)
Once ransomware has hit, there is often little better advice offered to victims than simply to pay the ransom. In fact, despite all the official bravado we often hear from government officials about never yielding to felons, according to The Wall Street Journal, "an official in the FBI's Boston field office said at a cybersecurity conference last year that he often tells victims simply to pay the ransom."
Ransomware is highly profitable - and involves less risk to criminals than many other forms of cybercrime. Also, as Travis Smith, Senior Security Researcher at Tripwire, mentioned to me: "ransomware allows criminals to monetize their cybercrime efforts quicker than previous tactics allowed." There is no need to resell data, which can be complex, risky, and time-consuming, or to manage large, ever-changing volumes of email addresses to which to send spam. Ransomware leveraging Bitcoin payments allows attackers to earn an immediate, low-risk return on investment from their crimes.
Ransomware is also becoming big business. There are reports that criminals have started to "team up" and share ransoms after collaborating in all sorts of fashions - from creating ransomware-as-a-service type offerings, to working with one another to help distribute malware, to offering each other payment processing and money laundering services.
Protect yourself against ransomware by backing up often, and keeping the backups completely disconnected from the computers being backed up. That way, if you do get infected by ransomware, you won't lose your data even if you don't pay the ransom. (Remember, also, that cloud-based backups are not a panacea: they can become infected with malware if they are accessible to computers that are infected.) Of course, to prevent getting infected with ransomware you should also make sure to adhere to proper information security practices - do not download software, music, or videos from rogue websites, do not open unexpected email attachments or click potentially unsafe links in emails and SMS messages, etc. And remember, as Amichai Shulman, CTO of Imperva, mentioned to me, because ransomware spreads easily, "at the enterprise level, individual infections can quickly escalate into an enterprise problem."
And keep in mind that ransomware is not a problem that is likely to "go away" anytime soon. In the not-so-distant future we will likely even see ransomware targeting healthcare systems, self-driving cars, and other smart appliances.
As Andrew Komarov, Chief Intelligence Officer at InfoArmor, noted, "I agree with the FBI's opinion that ransomware is one of the most active trends in cybercriminal world, as it has a direct and profitable commercialization model - in some cases, without any significant costs, as most victims have a pretty insecure IT environment."
Adam Laub, Senior Vice President at STEALTHbits Technologies, added: "While virtually every study being conducted on the prevalence of ransomware suggests attack volumes will continue to rise, there is also a glimmer of hope for organizations looking to protect themselves from being the next victim. Traditional signature-based detection and prevention capabilities catch known variants of ransomware at the perimeter, and new pattern- and behavior-based activity detection are increasingly effective at quickly identifying what's slipped past the gate. Additionally, routine backups of data, cyber insurance policies, and adoption of known best practices such as the clean-up and consolidation of sensitive data assets further mitigate the actual damage that can be done in even the most successful ransomware attacks."