While there is little doubt that cybercrime is on the increase globally, one area that is particularly worrying for cybersecurity professionals is the sudden surge in ransomware.
Incidents in which organisations or individuals pay cybercriminals who have hijacked their systems have increased alarmingly since the beginning of this year – and, almost daily, criminals are becoming more savvy about exploiting victims. They have been quick to realise just how lucrative this “new market” is … and how easy it is to exploit.
Raj Samani, chief technology officer at Intel Security EMEA, says the dramatic increase in ransomware has shocked him and many of his peers in the cybersecurity industry.
“The biggest growth area in cybercrime is ransomware,” Samani says. “We’ve been tracking ransomware for some time, but if you just look at the timeframe between January and March this year, there has been a three-fold increase in the number of people who have fallen victim to ransomware.
“During this period, we have gone from 250 000 people to nearly 700 000 people that have had their computers, files or documents lost and who have paid criminals money to retrieve them,” he says.
And the criminals behind the scheme have been quick to cotton on to which countries’ citizens are the most likely prey. Samani says that the US is the top target for ransomware gangs and that the UK comes in around second or third.
“The criminals are tracking which countries are most likely to pay,” he says. “People in the US and the UK are the most likely to pay a ransom, so they are targeted more.”
And in line with the increase in victims, there has also been a proportionate increase in the number of ransomware families, or variants, being used.
“At the beginning of the year, we were tracking 10 families of ransomware,” says Samani. “By March, this had increased to 57. And now, it is considerably more. Ransomware is springing up everywhere and it is specifically going out to target areas because the perpetrators are being paid. Ransomware as a service is increasing massively … ransomware is publicly available … and the criminals know who to target … who they will get payment from.”
Samani says there are three main criminal groupings within ransomware: wannabees, affiliates and organised crime syndicates.
“A wannabee can pay $5 for 5 000 addresses and now he has a list of potential victims,” he says. “They don’t make a great deal of money, but they’re making it accessible.
“The affiliates are more nefarious,” he explains. “These are the kind of people behind the likes of Cryptowall. They go out and hire people to carry out an operation on their behalf. They’re doing proper recruitment and actually compete against legitimate cybersecurity organisations for the limited talent that is out there.”
At the top level of ransomware, Samani says it is often difficult to determine exactly which criminal gang is pulling the strings.
“This is one of the biggest changes in the trends that we’re seeing,” he says. “Historically, you could categorise a hacktivist or a gang, but the reality now is that the lines are blurred. Organised crime could be working for a state … they are for hire. But it is probably in this area that we are seeing the biggest amounts of revenue being demanded – and paid.”
And they don’t rest on their laurels, he adds.
“Anyone remember Cryptowall III?” he asks. “The ransom for this was $325-million and they were paid. And what did they do with it? Three days later they had fixed all the vulnerabilities exposed in version three and came out with Cryptowall IV. They put some of the money back into R&D and came up with a new product.”
And while ransomware criminals have identified the most lucrative countries to target, they are also realising that specific industries and organisations are more vulnerable than others. The noticeable targeting of healthcare facilities, says Samani, is worrying. He cites the example of a US hospital that was targeted and, after a week of DDOS where staff resorted to faxes to communicate, paid the $17 000 ransom demanded.
“In the first quarter of the year, this was just one example of several hospitals throughout the world that were victims of ransomware,” Samani says. “But apart from the interference in crucial health services, what else couldn’t that hospital buy for that $17 000 ransom? That’s a question that needs to be asked.”
Samani says that Intel Security has been quick to realise the threat posed by ransomware and has put measures in place to address it.
“We’ve already established dedicated and focused teams and have a number of innovations and patents coming out to specifically combat ransomware,” he says. “We’re also working closely with law enforcement around the world on this problem and there should be some significant announcements in the very near future on the success we, as a community, are having in the fight against ransomware.”