Cyber Security

The Rise Of Ransomware Attacks

James Hingley

Against the backdrop of this global health crisis, the number of ransomware attacks is growing.

The uptick in attacks is continuing. The shift to working from home allowed cybercriminals to exploit less secure networks. People were no longer connecting to corporate networks that provide better protection against ransomware attacks. Attacks are becoming more sophisticated, and the attackers are demanding more money.

Yet, remote working is only one factor in the rise of ransomware attacks.

What are ransomware attacks?

In short, ransomware is a type of malware that encrypts data so that the user can no longer access their files. To regain access to the data, the attackers demand a ransom. If the sum is paid, the attackers will return the data they have been withholding.

The model is not new. The first documented ransomware attack was in 1989. Known as AIDS Trojan, it was developed by Joseph Popp, a biologist. Released on floppy disks and labelled as AIDS Information-Introductory Diskettes, Popp distributed 20,000 of these disks to attendees of the World Health Organisation’s AIDS conference. Victims were told to pay $189 in return for the repair tool. Although AIDS Trojan was easily overcome, it marked the beginning of ransomware attacks.

As technology developed, so too did the sophistication of ransomware attacks. Users unwittingly download the file or following the link. Once opened, hackers can gain access to personal details, such as bank information. Attacks still use a Trojan, malware that disguises its intent, but it is harder to retrieve the encrypted data.

How have attacks developed?

Cybercrime is an increasingly lucrative and profitable industry. As the hackers become more inventive and their malware becomes more sophisticated, many victims are resorting to paying the ransomers. In 2020, ransomware attacks amounted to around $29.1 million. By comparison, only $8.9 million was lost to ransomware in 2019.

The average ransomware payment is also rising. In the first quarter of 2021, the average ransomware payment was $220,298, a 43% jump from the last quarter of 2020. Damages from cybercrime are expected to reach $6 trillion this year. The ransomware boom is expected to continue. Cybersecurity Ventures estimates that cybercrime costs will reach $10.5 trillion by 2025 if growth continues at the present rate. Right now, the rate is 15% each year.

Ransomware attacks are benefitting from the rise of cryptocurrency. In April 2021, Bitcoin hit a record high of more than $63,000. Cryptocurrencies are beneficial for cybercriminals. Cryptocurrencies simplify transactions. Using the likes of Bitcoin and Ethereum, cybercriminals can receive payments with anonymity. Such transactions are almost impossible to trace. Luta Security founder & CEO Katie Moussouris echoed this:

‘The cryptocurrency exchanges, outside the U.S. especially, allow for a lot more anonymity in these transactions that are criminal in nature’.

Given these factors, it is unsurprising that ransomware attacks are increasing. Between 2019 and 2020, ransomware attacks rose by 62%. The two worst-affected countries are the USA with a 185% spike and the UK with a 144% spike.

Ransomware attacks are garnering greater attention. Companies are increasingly giving in to the ransomers and meeting their demands. Small businesses have been hit particularly hard due to their limited resources to fend off ransomware attacks.

However, paying the ransom brings with it its own problems. Even after paying the ransom, there is no guarantee that the hackers will return the data. By meeting their demands, ransomers are given more motivation to continue with their ransomware schemes.

What is being done about ransomware?

It is becoming increasingly difficult to prevent ransomware attacks entirely. The number of businesses paying the ransoms is evidence of this. However, measures can be put in place to mitigate the damage of ransomware attacks.

According to the National Cyber Security Centre (NCSC), companies should institute preventative measures before an attack takes place. First and foremost, companies should make regular backups of their files. Mail filtering can help to prevent malware from arriving, whilst blocking malicious websites offers further protection.

The point the NCSC stress especially is the need for preparation. Ransomware attacks can come from anywhere and at any time. Without the appropriate measures in place, companies are easy prey for cybercriminals.

World leaders are also addressing the issue of ransomware. In July, American President Joe Biden informed Russian President Vladimir Putin that the US is prepared to take the necessary action against cyber-attacks from Russia. A previous attack had disabled 1,500 companies. Russia denies any involvement in cyber-attacks against the US.

A breakthrough?

Reports emerged in July 2021 that one of the most feared of all ransomware gangs was no longer in operation. REvil, a ransomware gang with links to Russia, disappeared on Tuesday, July 13. There was some speculation that the US or Russia may have taken action against REvil. These reports are unverified.

The demise of REvil would be good news. However, REvil’s disappearance does not mean ransomware attacks will stop. Ransomware gangs are like a hydra; if one head is cut off, others will simply grow in its place.

About the Author: James Hingley

James Hingley is a contributing Features Writer with extensive expertise in International Relations, Politics and Culture.