Software Integrity Blog

The rise of ransomware

Ransomware has become quite the lucrative discipline. Cyber-criminals are on pace to rake in 1 billion dollars this year by extorting businesses through ransomware. The FBI recently revealed that $209 million was lost to cyber-extortion within the first three months of 2016.

What’s causing the rise of ransomware?

Criminals distribute ransomware as a means to extort money from legitimate organizations, typically as malware that locks users out of their systems until they pay to access them again. It’s become increasingly common as organizations find it easier to pay for the release of their files than to combat the malware themselves, which only brings in more money for cyber-criminals.

In 2014, the FBI attempted to block a major ransomware operation known as Cryptolocker, which used a massive network of hijacked computers called a “botnet” to spread the virus. The FBI joined forces with foreign law enforcement and private security companies to cut off communication between that botnet and victims’ devices. They were successful in seizing Cryptolocker’s servers and replacing them with their own, but the attempt barely put a dent in the proliferation of ransomware. Since then, cyber-criminals have been able to tweak the virus and find new servers to infect, making ransomware one of the most profitable cyber-crimes to date.

A more recent, massive zero-day attack targeted Microsoft 365 email users and bypassed Office 365’s built-in security tools. The attacker, Cerber, was able to target users through spam and phishing emails that carried malicious attachments. When the malware was invoked, it encrypted user files, displayed a ransom note to the user, and even took over the audio system to read the ransom note aloud. While the exact number of infected users is unknown, cloud security provider Avanan estimated that roughly 57% of organizations using Office 365 received at least one copy of the malware during the attack.

A positive impact?

So clearly those distributing the malicious software are committing a destructive crime, right? Not entirely. As it happens, in an attempt to lock down users’ files, criminals have done some pretty incredible work to further cryptography and encryption.

The crypto-engineers building ransomware have been so focused on finding new ways to use cryptographic technologies to lock down user files that reactive measures from security professionals have strengthened the encryption methods we use across networks and applications.