As society has progressed into a more technological era, an increase in cyberattacks has logically followed suit. Any technology connected to the internet — or even capable of a Bluetooth connection — is susceptible to threat actors. Hackers are requiring less and less experience to work their way into secured and unsecured networks and devices.
One of the major threats on the rise is ransomware — an attack where a person holds encrypted data for ransom. The only way for the victims to get their data back is to pay the ransom.
But there is a catch: Paying the ransom doesn’t guarantee stolen data will be returned at all. And even if it is returned, it may be corrupted or otherwise damaged.
In response, the Institute for Security and Technology (IST) has created the Ransomware Task Force to put together a plan of action to disrupt ransomware attacks across the industry.
The first ransomware attack
The industry most targeted by ransomware is health care, which hackers began exploiting in 1989.
The first ransomware attack was carried out by AIDS researcher Joseph Popp, who sent out 20,000 floppy disks to various researchers across the world, claiming there was a questionnaire to help analyze the potential AIDS risk of a given person. However, those floppy disks contained a strain of malware that would be activated after the computer was powered on 90 times. It demanded $189 ($440 in 2022) and another $378 ($881 in 2022) to continue using the questionnaire. Altogether, this adds up to a potential $3.7 million minimum to unlock the software, a staggering $8.6 million today. Because this was before the current digital age, Popp had the money sent offshore to Panama to make it safe and “untraceable” (or so he thought).
Soon after initiating the attack, Popp was arrested by the FBI and faced 10 counts of blackmail and damages. He never suffered any real consequences because his lawyers made it seem like he was stealing from the rich to give back to the poor, but it is believed that he was angered because he didn’t get a job at the World Health Organization (WHO).
This malware would be labeled the AIDS Trojan, and it is considered the first ransomware attack in history.
The harsh and growing reality of ransomware
According to Cloud Wards — a cybersecurity and cloud website devoted to sharing expert opinions and tech solutions — about 32% of ransomware victims pay. However, even after they do pay, they get only 65% of their data back. Only 8% of businesses that pay a ransom get all of their data returned.
And it only gets worse.
Again, from Cloud Wards: “In 2021, the average ransom demand reached $220,298 — up 43% compared to 2020.” Interestingly, the number of ransomware attacks has actually gone down, but the efficacy of each attack continues to go up, making them as much of a threat as ever.
Those who deploy ransomware usually only accept cryptocurrency as payment for returning the data. This is because cryptocurrency payments provide anonymity and a level of protection against tracking the threat actor. Generally, Bitcoin is the cryptocurrency of choice because of its availability and accessibility, but another coin called Monero is much preferred because it is untraceable. However, its lack of availability and accessibility makes Monero a more complicated option.
Recently, ransomware has started to take another turn, with “cyber gangs” selling ransomware-as-a-service (RaaS) to third parties. The providers, on average, take a 20% cut of the profits, while the third party takes the other 80%. This method, which gives almost anybody the ability to use ransomware, is lowering the barrier to entry for a potential attacker to commandeer a business’s or person’s data. The price to get this service? As little as $50 on the dark web.
There seems to be no answer for the darkness of ransomware attacks.
The Ransomware Task Force
In a time when everyone is looking for answers to the ransomware epidemic, IST’s Ransomware Task Force has released a report on how people can combat ransomware in 2022.
The Ransomware Task Force is a conglomerate of industry experts across the U.S., from software companies to government agencies, who are tackling the issue of ransomware head-on.
IST CEO and Ransomware Task Force Executive Director Philip Reiner said, “We felt an urgent need to bring together world-class experts across all relevant sectors to create a ransomware framework that government and industry can pursue, and ensure the continued faith of the general public in its institutions.”
Their report gives four primary goals:
- Make ransomware an international priority. This includes making sure ransomware is a known issue on an international stage and working to reduce the places where threat actors can “operate with impunity.”
- Interfere in ransomware activity. While this may seem obvious, it isn’t simple. This can be done by disrupting payment facilities, targeting the infrastructure threat actors use and interfering with in-process ransom initiatives.
- Aid businesses in ransomware attack preparation. This boils down to spreading awareness of ransomware to different businesses so they can institute protocols in the event of an attack, as well as encouraging a cybersecurity insurance policy and updating all systems to the most current software/firmware.
- Increase ransomware response efficacy. This includes sharing stories of ransomware and increasing the amount of high-quality information about ransomware available to businesses, as well as informing businesses about alternatives to paying a ransom (it may be cheaper to recover data yourself than to pay a ransom).
Will we learn fast enough?
Ransomware is an issue that isn’t going away anytime soon, and cyber-vigilance is a crucial part of defending against it. Cyber insurance companies are starting to incorporate ransomware policies to aid in attack mitigation, and knowledge surrounding ransomware is ever-increasing, which allows defenders to learn from past attacks.
However, the question of whether we can learn fast enough continues to linger as more and more businesses pay out for data they won’t ever get back.