“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today,” begins a Symantec study on the evolution of ransomware, the malicious software that locks files until their users pay a fee to unlock them. The FBI reports that ransomware is now a $150 million-a-year criminal enterprise worldwide.
On the morning of February 18, 2016, after a 10-day siege by hackers, Hollywood Presbyterian Hospital paid their unknown tormentors 40 bitcoins (worth about $17,000) for a key code that would allow medical staff to finally regain access to the hospital’s databases. The extortionists had originally demanded over $3 million, making it the largest known single ransomware demand in history, and indicating that online criminals are becoming bolder.
This group of “crypto-extortionists” was exploiting a new strain of ransomware called Locky, which had locked the hospital’s databases after fooling an employee into downloading and opening a file attached to an email.
The Victims of Ransomware
The case of Hollywood Presbyterian is particularly noteworthy because of the size of the ransom paid. According to a comprehensive analysis of ransomware by cybersecurity firm Bromium, most cyber-extortionist demands range from $100 to $1,000, but average about $300.
The typical victim of cyber-extortion is a small organization with minimal security oversight, or an individual who may not understand the risks associated with the Internet. FireEye, a network security company, compiled a report on the human costs of ransomware that details how cyber-extortionists pose as legitimate services and mock those who object to paying.
Many victims are not even aware that they are being exploited, as evidenced by comments left on one cyber-extortion group’s payment page: “Thank you for providing the decryption key. We were able to recover [our files] … We are a nonprofit that exists to cure blood cancer… Would you please consider refunding our bitcoins?”
Cyber-extortionists rely on general ignorance of network security to find their marks, thus making it difficult for software security services and antivirus programs to have much of an impact on reducing infections. According to Intel Security, “80 percent of small and medium-size businesses don’t use data protection and less than half use email security.”
Common sense dictates that individuals and businesses should make daily backups to external storage devices that do not remain connected to their computers, to prevent the spread of malware to those devices. There are many basic precautions that consumers and small businesses can take to curtail the spread of ransomware, including insurance options to protect against losses from data breaches.
If you are a small business owner or network administrator, create a system of best practices that guide staff on the proper use and safe operation of their work computers and smart devices.
What to do When Infected with Ransomware
If you have been infected with ransomware, you have likely received a note from extortionists, perhaps posing as a legitimate company or government agency, demanding that you pay if you want to recover your files.
The first rule of extortion that experts agree upon is: do not pay. Paying does not guarantee that you will receive the software key that will allow you to recover your files, and it emboldens the extortionists to knock at your door for more money in the future. Immediately disconnect all devices in your home or small business from the Internet, as this might prevent the transmission of further data.
Expect that you will probably have to wipe all hard drives of all data across the entire network. Again, receiving an encryption key from an extortionist does not ensure that the ransomware is no longer infecting a system.
Call your Internet service provider, not the police, and inform them of the ransomware infection; they may be able to assist you in tracing the attackers or providing security advice. According to Robert Siciliano, a Boston-based identity theft expert, local police departments are “probably not equipped to deal with [cyber-extortion]… However, the local FBI would want to know about it.”
According to Symantec, ransomware is a rapidly expanding avenue of criminal exploitation on the Internet. Experts predict this form of malware will evolve, and the tactics of criminals will become more sophisticated.
The best way to deal with it is to prevent ransomware from spreading in the first place. Every small business should have a clear strategy for dealing with malware attacks, starting with frequent backups and basic cybersecurity education of staff at every level of the organization.