It's one of the fastest-growing forms of cybercrime – and one of the most visible. Ransomware locks victims out of their valuable files and demands payment to release them, unlike other forms of malicious software that stay hidden and steal data.
Ransomware has quickly grown to become one of the biggest cybercrime threats for businesses and consumers. The FBI estimates that victims collectively paid criminals close to $1 billion in 2016 in order to get their data back.
F-Secure, a security software company, said that there was only one known ransomware ‘family’ just five years ago. By 2015, there were 35, which exploded to 193 in 2016. It recently warned that this number could double again within a year.
Criminals’ main tactic for infecting victims with ransomware is sending a ‘phishing’ email that’s made to look like a legitimate message.
“There is usually some form of social engineering – which might be a recent news story or item of interest – to entice the user to click on the link or download the attachment. Once the user clicks on the link, they ultimately end up installing a file on their machine which is the ransomware,” said Bob McArdle, EMEA manager of the Forward Looking Threat Research team at security provider Trend Micro.
“The advice we’ve been saying for years still applies: don’t click a link if you don’t recognise the sender,” McArdle adds.
For computer users in the home, keeping an online backup account that saves data automatically means that victims can restore their information without having to pay criminals any ransom.
“If you are in a business, then the classic 321 rule applies: you should make three copies, on two different physical media and store them in one separate location. That goes a long way towards helping to recover from ransomware,” McArdle says.
He also warns that the problem is unlikely to go away soon. He expects that criminals’ tactics will evolve in order to demand even more money from victims. “As bad as ransomware is right now, in our opinion it’s in its infancy. It’s not just a malware family, it’s a technique for extortion,” he says.