Ransomware payments for 2016 are expected to hit a billion dollars, according to the FBI. That compares to just $24 million paid in 2015.
And it's expected to get even worse this year — with more victims and more money lost.
Experts even predict that the cloud could come under attack this year because it’s such a lucrative target and could result in ransom payments in the millions of dollars.
Ransomware is a family of malware that blocks access to a PC, server or mobile device, or encrypts all the data stored on that machine. It’s typically delivered via malicious email or infected third-party websites.
To regain access or control of the data, the user must pay a ransom — typically via bitcoin. The encryption cannot be broken in practice, and simply removing the malware will not restore the files. The victim is forced to pay for the unique software key that will unlock everything.
“It’s like some sort of gold rush,” said Limor Kessem, executive security adviser for IBM Security. “Cybercriminals are using ransomware to bring extortion to the masses and more criminals are now doing it because they’re interested in getting a piece of the action.”
The average ransom demanded in 2016 was $679, more than double the $295 demanded at the end of 2015, according to a report from Symantec. Some businesses that experience a ransomware attack are making 4- to 5-digit payments to get their data unlocked.
“We did a survey in the U.S. and discovered that 64 percent of end users who got ransomware paid the ransom,” said Kevin Haley, director of Symantec Security Response. “People are willing to pay, so the bad guys keep raising the price. We’ll probably see it hit a thousand dollars before 2017 is over.”
Criminal gangs are now capable of pushing their malware to millions of computers a day. In fact, Malwarebytes reports that 60 percent of all malware observed last year was ransomware. Not everyone gets infected, but a lot do.
“It’s a fantastic money maker,” said Adam Kujawa, director of malware Intelligence for Malwarebytes.
“With other types of malware, a criminal has to deal with collecting personal information like passwords or credit card numbers and then try to resell that in the underground marketplace to other criminals,” he said. “With ransomware, it’s direct. You infect someone, they pay you directly.”
It’s Going to Get Much Worse
Digital security experts tell NBC News the number of ransomware attacks skyrocketed in 2016 and the sophistication of this malware grew exponentially. And they say it’s going to get worse.
More criminals are expected to shift to ransomware because they can now buy ready-made ransomware software from super hackers. These toolkits make it possible for anyone with basic computer skills to launch sophisticated attacks.
The menace will also grow as new variants of this malicious software are developed that do more than simply encrypt the data. For example, “Jigsaw” encrypts the data and then starts deleting groups of files to put pressure on the victim to pay up quickly. “Chimera” threatens to post the victim’s files online, including pictures and videos, if the ransom is not paid by the deadline.
We may also see attacks on devices that use the Android operating system. Symantec has already discovered ransomware called “Flocker” that can lock Android smart TVs.
With ransomware, the criminals can be anywhere in the world and attack any individual or corporate computer connected to the Internet. A survey by Symantec found that the U.S. was the favorite target with 28 percent of global infections. Canada was a distant second at 16 percent.
Right now, individual computer users are the most likely victims because they tend to have less robust security in place. But as we saw last year, corporate systems are also vulnerable. It’s been reported that hospitals, police departments, colleges, banks, and utilities paid a ransom in order to regain access to their information.
In February, Hollywood Presbyterian Medical Center in Los Angeles paid nearly $17,000 to unlock the hospital’s computer network. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” hospital CEO Allen Stefanek said in a statement at the time.
In late November, ransomware hit the San Francisco Municipal Transportation Agency and disabled the ticket vending machines for Muni light rail.
The Symantec report warns that some ransomware gangs are increasingly interested in hitting businesses and that they’re using “advanced attack techniques, displaying a level of expertise similar to that seen in many cyber espionage attacks.” Businesses are more likely to pay the ransom if they don’t have backup files and can’t get things up and running again quickly.
Would You Pay to Get Your Files Back?
IBM asked 600 U.S. business leaders what they would do if they faced this sort of extortion. The survey results show 70 percent of the businesses infected with ransomware had paid a ransom to regain access to their business data and systems. Half of these companies paid more than $10,000 and 20 percent paid more than $40,000. Other key findings:
- Nearly half of the executives surveyed said their company had experienced a ransomware attack
- Nearly 60 percent indicated they would pay a ransom to recover data
- Twenty-five percent said they’d be willing to pay between $20,000 and $50,000, depending on the type of data lost.
Limor Kessem, who wrote the IBM Security report, told NBC News she was surprised to learn how many businesses had already experienced a ransomware attack.
“Ransomware is pretty much the only malware that can impede everything you’re doing,” Kessem said. “It can lock up your devices altogether or it can lock up the data on those devices. And this can paralyze a business.”
Law enforcement discourages victims from paying the ransom — believing it encourages more attacks and pays for the development of more evil malware. There’s also no guarantee that once the ransom is paid, the files will be unlocked. But many businesses pay because they’re not prepared and feel they have no other option.
Anyone hit by ransomware should file a report via the FBI's Internet Crime Complaint Center. The FBI also has tips for protecting yourself and your organization.
Big and medium-sized companies are more attractive extortion victims, since they can pay a bigger ransom. But the IBM report cautions small businesses that they remain “a ripe target” for ransomware because their employees often lack training in workplace IT security. The study found that only 30 percent of the 200 small businesses surveyed offer security training to their employees, compared to 58 percent of larger companies.
Everyone Is at Risk
Everyone who goes online — via home computer or mobile device — needs to be prepared for a ransomware attack and take steps to reduce the chances of infection.
And while you may say you’d never pay if you got hit — you might reconsider if all of your financial files, family pictures or everything stored on your mobile phone are locked and you don’t have backups anywhere.
“You have to prepare for it now. You have to arm yourself and put proper security precautions in place because if you don’t protect your files, nobody else will,” said Malwarebytes’ Adam Kujawa. “You need to think of it as being in a war and you need to protect yourself.”
As part of its just-released survey, IBM asked more than a thousand American adults about ransomware. Only one-third had heard of it and 59 percent had not taken any proactive measures in the past three months to protect their devices from being hacked.
How to Protect Yourself
Think before you click
Most ransomware is delivered via email that tells you to click on a link or open an attachment. The message is designed to get you to open that infected attachment. It could appear to be information about a package delivery or an invoice that you’re supposed to pay. If you’re not expecting it, don’t open it. IBM found that nearly 40 percent of all spam emails sent in 2016 contained ransomware.
Back up all of your data
You should have a frequent and regular backup routine for all of your devices no matter which operating system they use. Apple software is not immune. Symantec reports that in March of 2016, “KeRanger” became the first widespread ransomware to target the Mac OS X operating system. You can back up in the cloud, on a thumb drive or external drive. Just make sure your backups are secure and not constantly connected or mapped to the live network or they could also get infected.
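The point about backups that are "not constantly connected" is easy to state and easy to get wrong. As an added illustration (not part of the NBC News article and not code from IBM, Symantec or Malwarebytes), here is a PowerShell routine that attaches a backup share only for the duration of the copy, writes each run into its own dated snapshot folder instead of overwriting the last one, spot-checks the copies with SHA-256 hashes, and then detaches the share again. The share path \\backup-nas\snapshots, the drive letter B and the folder list are assumptions for the example; replace them with your own.

```powershell
# Added example, not from the article: an "attach, copy, verify, detach" backup.
# Assumes a Windows host (Robocopy is built in), a hypothetical SMB share
# \\backup-nas\snapshots that requires its own backup account (not the
# everyday user's account), and the source folders listed in $Sources.

$Sources   = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures")
$SharePath = '\\backup-nas\snapshots'   # hypothetical target; replace with yours
$DriveName = 'B'

function Invoke-OfflineBackup {
    param(
        [string[]]$SourceFolders = $Sources,
        [string]$Share = $SharePath,
        [string]$Drive = $DriveName,
        [int]$SampleSize = 5
    )
    # Prompt for the backup account on every run. The credential is never
    # stored on the client, so malware running as the logged-in user cannot
    # reuse it to reach the share later.
    $cred = Get-Credential -Message "Account for $Share"
    $results = @()

    # Map the share only for this function's lifetime (no -Persist flag).
    New-PSDrive -Name $Drive -PSProvider FileSystem -Root $Share -Credential $cred | Out-Null
    try {
        # One dated folder per run. Never mirror (/MIR) into the same folder:
        # a mirror of already-encrypted files would overwrite the good copy,
        # while a fresh snapshot leaves every earlier snapshot untouched.
        $stamp = Get-Date -Format 'yyyy-MM-dd_HHmm'
        foreach ($src in $SourceFolders) {
            $leaf = Split-Path $src -Leaf
            $dest = "${Drive}:\$stamp\$leaf"
            robocopy $src $dest /E /R:2 /W:5 /NP /NFL /NDL | Out-Null
            # Robocopy exit codes 0-7 are success variants (files copied,
            # extras present, etc.); 8 or higher means at least one copy failed.
            $copyOk = $LASTEXITCODE -lt 8

            # Spot-check: hash a random sample of source files and their copies.
            $files = @(Get-ChildItem -Path $src -File -Recurse)
            $mismatches = 0
            if ($files.Count -gt 0) {
                $n = [Math]::Min($SampleSize, $files.Count)
                foreach ($f in ($files | Get-Random -Count $n)) {
                    $rel  = $f.FullName.Substring($src.Length).TrimStart('\')
                    $copy = Join-Path $dest $rel
                    if (-not (Test-Path $copy)) { $mismatches++; continue }
                    $h1 = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
                    $h2 = (Get-FileHash -Path $copy -Algorithm SHA256).Hash
                    if ($h1 -ne $h2) { $mismatches++ }
                }
            }

            $results += [pscustomobject]@{
                Source     = $src
                Snapshot   = $dest
                ExitCode   = $LASTEXITCODE
                Mismatches = $mismatches
                Success    = ($copyOk -and $mismatches -eq 0)
            }
        }
    }
    finally {
        # Detach even if a copy failed, so the share is never left mapped
        # and visible to whatever else is running on this machine.
        Remove-PSDrive -Name $Drive -Force
    }
    return $results
}

# Usage: run manually or from a scheduled task, then review the table.
Invoke-OfflineBackup | Format-Table -AutoSize
```

Two design choices carry the security value here. The share is reachable only between New-PSDrive and Remove-PSDrive, so there is no standing drive letter for ransomware to enumerate and encrypt, and each run lands in a new dated folder, so even a backup taken after an infection cannot damage the snapshots taken before it. The hash spot-check catches silent copy failures before you discover them during a restore.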
Update, patch and purge
You should be set to receive automatic updates for all software, including operating systems, apps and security software — on all devices. Delete any applications that you rarely or never use.
Disable those macros
IBM reports that document macros are now a common way to deliver ransomware. That’s why macros for email and documents should be disabled by default.
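To show what "disabled by default" looks like as an actual setting rather than a Trust Center checkbox a user can flip back, here is an added PowerShell example (not from the article or from IBM) that writes the Office macro policy for the current user and reads it back for verification. It assumes Office 2016 or later, whose registry version key is 16.0, and covers Word, Excel and PowerPoint; Outlook uses a separate policy key that this example does not touch. Writing under the Policies hive applies the values as policy, which the Office user interface cannot override. For a whole organization the same values would be pushed through Group Policy rather than run per machine.

```powershell
# Added example, not from the article: disable Office document macros by policy
# for the current user and verify the result. Assumes Office 2016+ ("16.0").

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

function Set-OfficeMacroPolicy {
    param(
        [string]$Version = $OfficeVersion,
        [string[]]$Applications = $Apps
    )
    foreach ($app in $Applications) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # VBAWarnings: 1 = enable all macros, 2 = disable with notification,
        # 3 = disable all except digitally signed, 4 = disable all, no prompt.
        # Value 4 removes the "Enable Content" button that lures users into
        # running the macro that delivers the ransomware.
        New-ItemProperty -Path $key -Name 'VBAWarnings' -PropertyType DWord `
            -Value 4 -Force | Out-Null

        # Block macros in files that carry the "downloaded from the Internet"
        # mark (email attachments, browser downloads) regardless of other settings.
        New-ItemProperty -Path $key -Name 'BlockContentExecutionFromInternet' `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Get-OfficeMacroPolicy {
    param(
        [string]$Version = $OfficeVersion,
        [string[]]$Applications = $Apps
    )
    # Read the values back so the change can be confirmed here, or audited
    # on other machines with the same function.
    foreach ($app in $Applications) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$Version\$app\Security"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Application          = $app
            VBAWarnings          = $props.VBAWarnings
            BlockInternetMacros  = $props.BlockContentExecutionFromInternet
            MacrosDisabled       = ($props.VBAWarnings -eq 4 -and
                                    $props.BlockContentExecutionFromInternet -eq 1)
        }
    }
}

Set-OfficeMacroPolicy
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

Run Get-OfficeMacroPolicy on its own to check a machine without changing it; any application whose MacrosDisabled column reads False still has the default, user-changeable behaviour the article warns about.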
“This is not something that happens to other people, it could easily happen to you,” cautioned Symantec’s Kevin Haley. “We really need to step up our protection because the bad guys are stepping up their game. There’s just too much money involved for them not to.”