
Cyber criminals cash in with ransomware

By Admire Moyo, ITWeb's news editor.
Johannesburg, 18 May 2016
One cyber criminal syndicate earned up to $350 million in a year from ransomware, says Symantec's Antonio Forzieri.

Cyber criminals are stepping up the use of ransomware because it has proved so profitable.

So said Antonio Forzieri, EMEA cyber security practice lead at Symantec, speaking yesterday at ITWeb Security Summit 2016 held at Vodacom World.

According to Forzieri, one cyber criminal syndicate earned up to $350 million in a year from ransomware.

"Ransomware is becoming so popular among cyber criminals because it is so profitable," he said. "Ransomware is not cheap; the average ransom demand hitting individual users now stands at a hefty $300. In the past 12 months, we saw ransom demands range from $21 to $700."

He noted the exact amounts may vary depending on the ransomware family and the location of the victim. "Striking a balance between volume and pricing is a continuing challenge for cyber criminals and some even offered to return data for free after a set period."

Forzieri pointed out cyber criminals started making use of ransomware around 2005 and it was mainly characterised by fake anti-virus scams and misleading applications. The apps posed as fake spyware removal tools, such as SpySheriff, or performance enhancement tools, such as PerformanceOptimizer and RegistryCare, he explained.

These fake tools mainly affected Windows computers, but also targeted Mac OS X systems. They typically exaggerated the impact of issues on the computer, such as unused registry entries and corrupt files, and said they would resolve these issues if the user paid between $30 and $90 for a licence. In reality, many of them did not fix anything, said Forzieri.

He added that around 2010, cyber criminals stepped up their game and started making use of lockers. "Locker ransomware is designed to lock the computer, preventing victims from using it. However, it is not very difficult to retrieve the information."

Symantec says because locker ransomware can usually be removed cleanly, it tends to be the type of ransomware that goes to great lengths to incorporate social engineering techniques to pressure victims into paying. This type of ransomware often masquerades as originating from law enforcement authorities and claims to issue fines to users for alleged online indiscretions or criminal activities.

Forzieri noted cyber criminals have been innovative and are now making use of crypto ransomware, which aims to encrypt personal data and files.

"This type of ransomware is designed to find and encrypt valuable data stored on the computer, making the data useless unless the user obtains the decryption key."

The creators of crypto ransomware know that data stored on personal computers is likely to be important to users, said Forzieri.

"The threats typically display an extortion message, offering to return data upon payment of hefty ransoms. Crypto ransomware has raised the ransom amounts bar to a new level. A typical crypto ransomware threat requests payment of around $300 for a single computer."

With the growth in popularity of the Internet of things, cyber criminals will unleash ransomware on devices like smartwatches and connected cars.

According to Forzieri, crypto ransomware authors tend to favour crypto currencies like Bitcoin as the preferred payment method, whereas locker ransomware prefers to use payment voucher systems.

He urged users to recognise the need to create backups to guard against hard disk failures or the loss or theft of the computer, let alone a possible crypto ransomware attack.
