Online extortion is on the rise.
Not only have recent months seen an increase in distributed denial-of-service attacks with demands that companies pay up to have their website returned to normal working order, and even the theft of confidential data with threats that it will be released to the public if financial demands are not met, but there has been a noticeable increase in ransomware attacks too.
Most recently, as reported on Bitdefender’s Hot for Security blog, the Hollywood Presbyterian Medical Center in California caved in to hackers’ demands after being hit by a strain of ransomware which is said to have crippled hospital departments including oncology and radiology. In all, the medical center is thought to have paid out 40 bitcoins (approximately US $17,000) to its attackers.
Even police departments are reported to have given in to online criminals and paid cash to get their data back after being hit by ransomware.
It has become clear that the spreaders of ransomware don’t discriminate. They’re just as happy to hit businesses and consumers alike. But the criminal rewards which can be made if a large organisation becomes a victim of ransomware are significant.
And, whenever ransomware is shown to work for criminals (in other words, when victims submit to the blackmailers’ demands, and pay up) all that is happening is even more incentive is being created for criminals to spread yet more ransomware.
Paying up is definitely not a good thing to do in my opinion. But if an organisation has failed to keep properly secured backups I can understand how they might feel they have no alternative.
If you ask the FBI, they may very well tell you that you should just pay the ransom, but I’m sure I’m not the only person who finds such suggestions hard to swallow. Why should businesses which are working hard to make a profit, or organisations doing good for the community, hand some of their cash over to criminals?
The answer to the problem, as with many things related to computer security, is to realise that prevention is better than cure.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.View all posts
Don’t miss out on exclusive content and exciting announcements!