In November of 2018, the East Ohio Regional Hospital in Harpers Ferry, Ohio, nearly became the victim of a ransomware attack. Thanks to their double-layered security, however, the hospital was able to quickly get their services back online with only temporary disruption to their emergency services department.
But East Ohio Regional Hospital’s success story is unique. Two years earlier, Hollywood Presbyterian Medical Center in California paid $17,000 to hackers to obtain relief from the pressure caused by the 90,000 machines the hackers infected with a virus called Locke. Entire cities like Atlanta and Baltimore have shut down and been asked to pay ransoms over $50,000 to get their city technology back online.
While public entities like hospitals or cities may be required to make their ransomware attacks public knowledge, private businesses are usually not. Because it is so rare in the news, business owners often do not consider the possibility of an attack to be a real security threat. However, in 2017 NBC reported that the ransomware industry was thought to have grown up to $1 billion at the end of 2016. And it has only gotten larger ever since.
This amount of money was not just collected by attacking hospitals and cities, but by attacking every device imaginable with data valuable enough to hold for ransom. If they think they can hack it and you’ll pay money to get it back, then you are always at risk.
A survey conducted by IBM reports that 70% of businesses responded that they had paid to resolve a ransomware attack. Half said they paid up to $10,000 and 20% said they paid upwards of $40,000.
Inside the Ransomsphere
While research has focused on the consumer response, or those paying the ransom, the destination and circulation of the ransom money remain fairly mysterious. Further investigation into what some researchers call the “ransomsphere” reveals a huge spike in 2016, with ransoms only getting higher over time. What made it so profitable?
The rise of bitcoin has made it even easier for criminals to cash out humongous, and hard to trace, amounts of money. It’s surprisingly easy to open a bitcoin wallet since it doesn’t require a valid ID. Using bitcoin guarantees that ransoms can be automated, and the transactions can’t be refuted.
The ease of transferring ransom funds has allowed an entire ransomware infrastructure to develop so that ransomware distributors can use existing cybercriminal technologies to spread their wares even faster. Since ransomware is so lucrative and easier than ever to automate, the benefits of the ransomware economy are no longer limited to the cyber-savvy. Ransomware as a service is a growing aspect of the ransomware industry, creating a market for those that want in on the cash without all the technical work.
Researchers that have tracked ransomware use terms that suggest the ransomware economy resembles some kind of cyber-mafia. It consists of contenders, like Locke, that are referred to as “families,” or “kingpins.” These kingpin ransomware operations are short-lived, even at their peak. Even so, the majority of the profits are often concentrated into the top few families.
This creates a very concentrated market where “the more revenue a ransomware author generates, the more it can invest in the means to spread its distribution,” and so the cycle continues. And it shows no signs of slowing down. The extremely competitive market only challenges participants to develop even more powerful, complex ransomware.
The ransomware economy is indeed more vast and sinister than initially assumed. The good news is that you can defend yourself against malicious ransomware by backing up your data frequently.
One 2017 survey showed that only 37% of respondents backed up their data, and they only did so infrequently. Neglecting to back up data puts all the responsibility on operating systems to defend against ransomware, which is a mammoth task to take on alone.
Don’t contribute to the ransomware mafia. Handle your data responsibly, back it up often, and don’t let the kingpins get you down.