Ransom, as a crime, hasn’t really changed much over the years. The first American ransom note was used in a kidnapping in 1874 in Philly. In broken English, it read in part, “You wil have to pay us [ ] and pay us a big cent to…[I]f you put the cops hunting [ ] you is only defeeting yu own end.” (Source: Smithsonian.com, “The Story Behind the First Ransom Note in American History,” by Carrie Hagen, December 9, 2013)
Fast forward 140 years, and we still face this very same crime with very much the same messages. What’s changed, of course, is the delivery method: criminals of all types (former employees, activists, terrorists, etc.) can now deliver ransom-laden software, known as “ransomware,” to users’ computers by way of e-mail and websites, all with the aim of taking something hostage (information, systems, networks) and promising to release it only after getting paid.
Ransomware is defined as “a type of malware that prevents or limits users from accessing their system. [It] forces its victims to pay [a] ransom through certain online payment methods in order to grant access to their systems, or to get their data back.” (Source: TrendMicro). Ransomware has been around a while (the first cases were reported in 2005 – 2006 in Russia); however, the last few years, and 2015 in particular, have witnessed a significant increase in these types of attacks. The first quarter of 2015, by way of example, “…saw a 165 percent increase in new ransomware…” (Source: betanews, “Ransomware sees 165 percent increase in 2015,” by Ian Barker, May 2015).
That growth of ransomware has continued into 2016:
- This month a Los Angeles hospital was held hostage by ransomware and opted to pay a ransom of 40 bitcoins (the equivalent of $17,000) to the group that “locked down access to the hospital’s electronic medical records system and other computer systems. The decision came 10 days after the hospital lost access to patient records.” (Source: arstechnica, “Hospital pays $17k for ransomware crypto key,” by Sean Gallagher, February 18, 2016)
- A new ransomware strain called the “Locky Ransomware” has emerged, in which unsuspecting users open a Microsoft Word file loaded with macros. When the user tries to open the Word doc, he or she is asked to “enable macros,” and once they do, the ransomware is downloaded and executed. (Source: The Hacker News, “How Just Opening an MS Word Doc Can Hijack Every File On Your System,” by Rakesh Krishnan, February 18, 2016)
- A new kind of Android malware called Xbot has been found that doubles as ransomware: it “steals online banking credentials” while holding a device’s files hostage in exchange for a ransom. “The malware [ ] is not widespread yet and appears to be just targeting devices in Australia and Russia.” (Source: CIO Magazine, “A new Android banking trojan is also ransomware,” by Jeremy Kirk, February 18, 2016)
It’s now clear that ransomware is a serious and growing threat that can cost people and companies dearly: according to a Nov. 2015 report, CryptoWall 3 ransomware was responsible for approximately $325 million in damages since its discovery in Jan. 2015 (Source: LavaSoft, “Cryptowall Ransomware Costs Users $325 million in 2015,” November 2, 2015). As such, for-profit organizations and non-profits alike will do well to be careful, vigilant and on the lookout for ransomware attacks, and to make their employees aware of the same through training and awareness programs designed to stop these attacks before they begin.