What makes ransomware so effective? One reason—fear. Just like any traditional extortion op, ransomware operations succeed because they capitalize on fear, which ultimately forces victims to do something irrational such as paying cybercriminals. Fear of losing your job because you lost important documents to ransomware can be crippling. Getting locked out of your system or never being able to open your files again is a scary thought. Possibly being indicted for potentially embarrassing browsing habits (such as watching adult or inappropriate videos) or unwanted public exposure can compel you to pay. And from what we’ve seen so far, fear-mongering works, as proven by the US$325 million paid by individuals and businesses worldwide to a single ransomware variant called CryptoWall in 2015.
Of course, the onus doesn’t completely fall on users. Ransomware has gone through some very drastic changes through the years. Every newly discovered variant seems to have improved, sporting more sophisticated routines that have made it more dangerous even to the informed. Ransomware has evolved a lot since its early days—when the malware type used federal law violation warnings (Police Ransomware/REVETON) as a scare tactic—to modern crypto-ransomware that can lock users out of their systems. Different ransomware families have also adopted a variety of new tactics to compel users to pay as soon as possible; Jigsaw, in particular, threatens to delete an increasing number of files after every hour of nonpayment.
Cybercriminals have also constantly improved ransomware’s hostage-taking tactics with the use of increasingly sophisticated encryption technologies. In 2013, ransomware strains led by CryptoLocker began encrypting files, holding them hostage until victims paid the ransom. It proved to be an effective tactic, and other ransomware families followed suit. Since then, a number of businesses and large organizations around the world have been hit, as police departments, small businesses, schools, and hospitals joined the growing list of ransomware victims.
The threat is still growing. 50 new ransomware families have already been seen within the first five months of 2016 alone, which is more than the numbers seen in 2014 and 2015 combined.
The ransomware threat is as real as it gets, but paying shouldn’t be an option, as paying the ransom does not guarantee that victims regain access to their locked files. Case in point: the Kansas Heart Hospital paid the ransom to regain access to its locked systems, but instead of getting a decryption key, the hospital was extorted for more money.
Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
For home users, Trend Micro Security 10 provides robust protection against ransomware by blocking malicious websites, emails, and files associated with this threat.
Regardless of the user type, online best practices, such as not opening unverified emails or the links embedded in them and regularly updating software and applications, can reduce the risk of getting infected. Backing up files using the 3-2-1 rule can mitigate the effects of file loss from a ransomware infection.