Ransomware attacks have quadrupled this year over last year, averaging 4,000 per day, according to the U.S. Justice Department, The Wall Street Journal reported in a front-page story recently. This is because ransomware has become easier to deploy and more profitable than other scams, and bitcoin is more widely used.
The FBI noted ransomware costs totaled $209 million in the first three months this year, compared to a total $24 million for all of 2015. Costs include lost productivity and time needed to recover files. Ransomware losses averaged $333,000 per incident in the first three months of 2016, compared to $10,000 per 2015 incident.
A Los Angeles hospital, Hollywood Presbyterian Medical Center, paid hackers $17,000 in February to recover files after the hospital was denied access to much of its computer system. The hackers broke into a server in January. They struck on a Friday night when the technical staff was off and encrypted data on 850 computers and 150 servers, making documents unreadable.
Doctors’ orders, payroll and patient transfers had to be logged manually. The hospital declared an emergency.
The hackers first demanded $9,000 within seven days. After the hospital paid this sum, the hackers demanded another $8,000. After making the second payment, the hackers sent a series of 60 letters and numbers to allow the hospital to recover the files.
Steve Giles, the hospital’s technology manager, said he has since received calls from ransomware victims seeking advice, including an Arkansas chemical plant, a Los Angeles taxi company, and Michigan and Nevada water districts. The callers did not say if they paid the ransoms. Some did not wish to name their employers out of fear of becoming targets.
In another case, the Circle Sport-Leavine Family Nascar race team paid $500 in bitcoins in April to recover files in order to be able to compete in a race. The data held hostage controlled the car in different conditions, such as data for adjusting the driver controls, shocks and springs. The ransomware had turned the Word documents and Excel spreadsheets into unreadable text. Dave Winston, the crew chief, got the bitcoins for the ransom from a bitcoin ATM at a suburban Charlotte, N.C. convenience store.
Ransomware has expanded beyond a consumer problem to attack entire computer networks, making it a far more serious problem. Payments range from $500 to $1,000 typically and can be as high as $30,000, according to Cyence Inc.
Ransomware encrypts files after a victim clicks on a malicious attachment or link. It often targets Microsoft Office documents, displaying messages instructing victims how to recover their files.
A ransomware maker calling himself “The Rainmaker” sells a $39 software package on hacker forums.
Microsoft noted the company is working to protect customers, and Office has features to prevent macro-malware.
Ransomware exploits software bugs. Attackers rely on people failing to install software updates.
Criminals find ransomware easier to launch and more profitable than other scams like breaking into computers to steal funds through online banking, according to Juan Andres Guerrero-Saade, a Kaspersky Lab ZAO researcher.
The rising use of bitcoin also supports ransomware’s expansion. Bitcoin allows users to send and receive money anonymously.
One university security official said he bought two bitcoin mining machines to stockpile bitcoins in case he needs to recover files on account of a ransomware attack. He did not wish to reveal his identity for fear of becoming a target.
Featured image from Shutterstock.