NEWS

'Lazy' criminals get rich off emailed ransomware

Elizabeth Weise

USATODAY

A study by IBM found that in 2016 as much as 40% of spam email contained ransomware attachements.

SAN FRANCISCO — Cybersecurity experts are calling 2016 the Year of Ransomware, something Saundra Martinez can unfortunately attest to.

“We were getting ready for a trip, so I was busy. I was expecting a package so I thought nothing of opening an email that said there was a situation with the delivery,” she said. “Normally I’m a very careful person and I check the return address, but this time I didn’t.”

That one wrong click added her to the ranks of thousands of Americans hit with ransomware this year. An IBM study published Wednesday found that nearly 40% of all spam sent in 2016 contained ransomware attachments. In September, a particularly bad month, a full 62% of spam contained the malicious software designed to block access to files or a computer system until a ransom was paid.

These ransom demands aren't small. FBI estimates put ransomware on pace to be a nearly $1 billion crime by the end of the year.

“It’s a lazy crime. All they do is get people infected and just wait for the money to come in,” said Limor Kessem, an IBM executive security advisor and author of the study.

In the case of Martinez, family members left on their vacation. It was only when they returned did she realize there was a problem.

“I sat down at my computer to open a file and a box popped up and said I had to pay to 250 Bitcoin to get to my files, which were encrypted,” she said.

When this happened in October, Martinez had never heard of ransomware. That's not uncommon. IBM's survey found that just 31% of consumers had heard of the malicious software.

For Martinez, a quick session on Google brought her up to unhappy speed. Criminals had encrypted the files on her computer and wanted the equivalent of $2,000 in difficult-to-trace digital currency to decode them.

That, she decided, wasn’t anything she was going to do.

“Paying a criminal is against all my moral codes. I’m not going to pay someone to be bad,” she said.

There, too, she is in the norm. IBM found that over half of consumers said they wouldn't pay ransom for their files.

She was lucky that the ransomware only encrypted her files and didn’t lock down the entire computer. It took her a week and a lot of research, but she was eventually able to remove the offending software and then simply delete every encrypted file until her computer was clean.

“I had to call some people and ask them to re-send me things, but you’d be surprised how many people told me they understood because it had happened to them,” she said.

Big and getting bigger

Ransomware was a growth industry among cybercriminals this year. McAfee Labs found an 80% increase in the number of ransomware software variants since the beginning of 2016. The company had recorded more than 3.8 million examples through the end of the third quarter.

Most ransomware demands require payment in digital currencies such as Bitcoin, which don't rely on traditional banking systems and are difficult, though not impossible, to trace. Cyence, a company that does economic modeling platform for cyber risk, has seen a steady uptick in Bitcoin usage, which it believes may be correlated with ransomware payments.

Law enforcement is very aware of the problem. The FBI urges anyone who's been hit with ransomware to report it, to give the agency a better sense of the scope of the problem. Victims can either reach out to their local FBI office or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov.

Just plain wicked

Ransomware has become even easier to use recently with the rise of what's known as "ransomware-as-a-service." In this model, would-be cybercriminals don't even need to technical skills to actually run a ransomware campaign themselves. Just as real businesses do, they can buy time on a criminal network set up to run ransomware campaigns and then simply pay the "service provider" a percentage of the money they extort from their victims.

A particularly heinous new type appeared this week. Called Popcorn Time, it offers victims free decryption of their files — if they infect two of their friends with the virus.

The new ransomware variant demonstrates “how creative these miscreants are at coming up with new ways to spread their malicious efforts,” said Michael Patterson, CEO of security firm Plixer International.

Martinez had another name for it.

"That's just plain wicked," she said.