By Yoohwan Kim, Ph.D.
CISSP, CISA, CEH, CPT; Associate Professor, Computer Science Department, University of Nevada Las Vegas
Ransomware attacks spiked 6,000% in 2016, with more than 4,000 attacks occurring each day. This is an increase from 1,000 attacks a day in 2015.
As famed bank robber Willie Sutton once said, “I rob banks because that is where the money is.” Contemporary bank robbers are seldom as successful and certainly nowhere close to these ransomware statistics. Ransomware is the new criminal money-making industry.
Co-author Dr. Yoohwan Kim, a speaker at the Las Vegas USSS Electronic Crimes Task Force quarterly meeting on March 3, 2017, provided research for this article. Some of that research came from an IBM Security Report, which also noted the 6,000% spike in 2016.
Ransomware Is a Costly Problem for Many Organizations
Ransomware is a type of malware that prevents users from accessing their computer systems. This malware targets critical data and systems for the purpose of extortion, either by locking the system’s screen or by locking the victims’ files until a ransom is paid.
Check Point’s ThreatCloud World Cyber Threat Map currently contains 250 million addresses and 11 million malware signatures. There is a steady increase in ransomware successes by hostile actors. More than 2,000 new ransomware programs are developed every month.
Perhaps a better term would be crypto-ransomware: Your files are encrypted and you are locked out from important data. The criminals then demand payment for the key to unlock the encryption.
Who Is Vulnerable to Ransomware?
Hollywood Presbyterian Medical Center in California lost control of its data for more than a week due to a ransomware attack. The hospital paid the ransom of 40 bitcoins, worth $17,000, and regained control of its data.
Allen Stefanek, president and CEO of HPMC, said: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
The San Francisco Municipal Transportation Agency was attacked on November 28, 2016. The hostile actors demanded 100 bitcoins, or $73,000. The attack took all ticket machines offline for the day and affected more than 2,000 systems and computers. Rather than shut down the rail system, the agency allowed users to travel for free.
Police Departments Can Be Targets
The police department in Tewksbury, Massachusetts, made a $500 payment after enlisting the help of the FBI. Similarly, a police computer in Swansea, Massachusetts, was hit with a ransomware attack. The police department decided to pay the ransom of two bitcoins (about $750) rather than try to figure out how to break the lock.
There are many similar targets, and most victims pay the scammers rather than risk losing critical data. The targets can be anyone. And when threat actors live outside the United States, U.S. money can be an enticing target due to the high cost of living in many of the home countries of ransomware operations.
Ransomware Business Is Booming and Growing More Professional
Revenue from the Cryptowall 3.0 program – the most popular ransomware program among hostile actors – reached $325 million through October 2015, according to the Cyber Threat Alliance.
In all, hostile actors earned $24 million in 2015. The FBI said hackers earned $209 million in the first quarter of 2016. Experts project that criminals will use ransomware to earn over $1 billion in 2017.
An interesting phenomenon is that ransomware is becoming more business-like in its operations, including live customer support to negotiate fees and deadlines. Good customer service gives ransom victims the confidence to pay and regain control of their files. Bitcoin virtual payments provide secure transactions for the criminals.
If an extortionist attacks your computer with ransomware, report the attack to local authorities and the FBI’s Internet Crime Complaint Center (IC3) as soon as possible. This practice will allow law enforcement to track the growth of the ransomware industry. It will also help all of us to understand new ransomware trends and potential methods to protect ourselves.
About the Authors
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career of seven years in the Marine Corps and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored three books: “Leadership and Management Lessons Learned,” published in 2013; “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” published in 2016; and “Secrets to Getting a Federal Government Job,” published in 2017.
Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has 6 patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information systems consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies and at his own start-up company.