Increasingly, there are two types of people when it comes to ransomware attacks: those who have been extorted to regain control of their computer and those that will be in the future.
Hackers using ransomware struck more than 700,000 households last year. Ransomware locks computers and the files on them until victims pay the hackers to undo the encryption. That number increased five times what it was in 2014. This is a particular problem for small businesses, which simply don’t have the resources to protect their computers or hire security experts to combat ransomware. More often than not, when faced with hackers’ demands, small businesses just pay it.
{mosads}The frequency of attacks using ransomware is spiking and so are the hackers’ demands. In 2015, the average ransomware payment was $680, according to Symantec, which was double the average payment in 2014.
Hackers infect computers through a myriad of schemes, but one of the most alarming is the use of pirate websites to bait and infect consumers. Our research at Digital Citizens Alliance shows 1 in 3 of these content theft websites expose consumers to malware.
During DCA’s research, our investigators spent time in the DarkNet forums where criminals negotiated with content theft website owners on what prices to charge to infect visitors’ websites with dangerous malware. This is a big business: malware operators were paying these websites $70 million just to allow them to infect computers. If they are investing $70 million, it begs the question what is their financial return?
Criminals have found the perfect crime: utilizing “free” pirate websites to ensure that consumers do the job of infecting their computers for them. In nearly half the instances, the malware infection occurred by simply visiting the website.
This week, the Federal Trade Commission is holding a forum to raise consumer awareness about the dangers of malware. One important step that the FTC could take is alerting consumers to how hackers have weaponized the pirate websites where content thieves peddle their stolen movies.
Ransomware is only one of the “benefits” that criminals get by infecting computers via content theft websites. Malware also enables them to steal financial information or your identity, and in some instances, surreptitiously take over the camera on your device. This tactic, called “slaving,” enables the criminal to peep into the bedrooms of young boys and girls to observe them without their knowing it. Miss Teen USA Cassidy Wolf was one intended target of a hacker who slaved her computer.
But like any business, criminals flock to where the money is, and right now that’s ransomware. According to Kaspersky Lab’s Michael Canavan, hackers are realizing that the market and payouts are endless. “Business targets are at a higher premium because they have a bigger resource pool and more capabilities in terms of data — it’s not just photos of your kids, it’s patient files in hospitals and financial records in banking organizations,” Canavan said.
When targeted businesses go to law enforcement, more often than not they are surprised by the advice they get: pay the ransom. That’s because U.S. law enforcement simply doesn’t have the resources to track and bring to justice shadowy hackers living in remote places such as Eastern Europe and Southeast Asia.
That puts the onus on prevention, which means it’s paramount that the FTC and consumer protection agencies at the state level raise the level of awareness and warnings that they give to consumers, most of whom simply don’t know how they expose themselves to malware.
Through alerts and public-service campaigns, the public should be warned what risky behaviors expose them to malware, whether its visiting content theft websites, opening suspicious email attachments, or clicking on unknown links.
Ransomware is becoming the influenza of Internet safety. If it isn’t addressed, it will only get worse, infecting more and more computers and creating both financial harm and emotional duress. It’s time that the leaders we count on to combat crime take this more seriously.
Dan Palumbo is the Research Director for Digital Citizens Alliance, a consumer-oriented coalition focused on educating the public and policy makers on the threats that consumers face on the Internet and the importance for Internet stakeholders – individuals, government and industry – to make the Web a safer place.
The views expressed by authors are their own and not the views of The Hill.