Ransomware victims have paid out around €22m in just two years

26 Jul 2017


The common consensus is that if you are a victim of ransomware, don’t pay the criminals. But that’s not always the way things go.

Cited as one of the major cyber issues of 2016, with the “trend unlikely to change for the foreseeable future”, Europol (among other bodies) has been warning against ransomware for some time now.

The likes of Kaspersky Lab and Intel have built projects to fight against it. A team of Irish researchers are looking for ransomware solutions.

And most, if not all, suggest that not paying up is the way to go.

However, a new study has shown just how out of touch that advice seems to be with the general public.

Big money

Around €22m has been paid to ransomware criminals in the past two years, according to research from Google, Chainalysis, University of California San Diego and New York University (NYU) Tandon School of Engineering.

As ransomware generally requires payment through bitcoin, it’s a traceable, and therefore measurable, endeavour.

Tracking 34 separate ransomware families, researchers could trace particular sums, revealing just how profitable a business it is.

Locky appears to be the crucial strand of ransomware, with its success in the early months of 2016 instigating a surge in profitability for attackers. It alone secured around €6m in payments.

The reason for this is how Locky was built, with its payment and encryption infrastructure kept separate from its distribution.

“Locky’s big advantage was the decoupling of the people who maintain the ransomware from the people who are infecting machines,” said NYU professor Damon McCoy, speaking to The Verge.

“Locky just focused on building the malware and support infrastructure. Then they had other botnets spread and distribute the malware, which were much better at that end of the business.”

Growing threat

Accenture this week revealed its mid-year report on cyber threats, with ransomware, unsurprisingly, featuring prominently.

According to the report, phishing campaigns continue to use familiar lures – subject lines mentioning invoices, shipments, résumés, wire transfers, missed payments and more, which is surprising.

What worked then, works now.

“But ransomware has displaced banking Trojans as one of the most common malware types delivered via phishing techniques,” it reads.

And ransomware is evolving, much like how illnesses adapt to antibiotics. Ransomware is essentially building a resistance to our growing understanding of what to look out for.

“Increased user awareness and campaign publicity are driving greater sophistication of the spear phishes observed. Users are still a company’s greatest weakness and greatest asset for network defence.

“The continued evolution of ransomware during 2016 and the first half of 2017 produced variants that were more customisable and richer in features than before.”

A particularly bad 2017

When WannaCry ripped across the globe, from east to west, everybody who was anybody in the cybersecurity world said this was merely one of many similar threats destined for our hard drives.

As May turned to June, WannaCry 2.0 warnings grew and grew, and then Petya, a ransomware family investigated by Kaspersky Lab in recent weeks, came into focus.

Soon, GoldenEye (a strain of Petya) became the latest nightmare to emerge from the east.

Payment is obviously one way to go when hit, though that doesn’t always work.

Thankfully, a growing suite of advice has emerged to better prepare for potential hacks.

Gordon Hunt was a journalist with Silicon Republic
