First published: 27th September 2016
In The Adventures of Huckleberry Finn by Mark Twain, Tom Sawyer and his gang of boys have decided to take up a life of adventure, becoming highwaymen, capturing their victims and ransoming them. But they encounter a problem; none of them knows what ransom means:
"Well I don't know. But per'aps if we keep them till they're ransomed, it means that we keep them till they're dead."
The prospects for their endeavour are dim and nothing comes of it.
Perhaps the ransomware that plagues our computers today is about to fall to a similar misunderstanding. I will make a bold prediction that will perhaps haunt me in years to come: 2016 is the year of Peak Ransomware. I don't mean that ransomware will disappear entirely, just that the prevalence of ransomware and the money made from it will be at their highest this year.
Malicious software that demands a ransom has a long history, starting with the AIDS diskette in 1989. The idea of using public key cryptography emerged in 1996, but it was the utilisation of Bitcoins for untraceable payments that led to the current epidemic of ransomware that started in 2013. The criminals that started the trend knew their business. They were successful because:
- Victims were unprepared.
- Strong, public key cryptography made the data inaccessible without the key.
- Bitcoins made the payments essentially untraceable.
- The criminals valued their reputation and provided "customer" support (F-Secure has a fascinating review of ransomware customer support services).
Therefore, victims could only get their files back by paying, and catching the criminals was unlikely. However, if the victim paid, then they would get the help they needed to recover their data, so paying the ransom was a viable way out for many victims.
What has changed?
- Criminals that don't understand the business model have entered the "market":
  - Some ransomware has predictable or crackable keys, so decryptor tools are available.
  - Fake ransomware that just trashes the victim's files before demanding a ransom has emerged.
- INTERPOL and police forces are endeavouring to analyse Bitcoin transactions.
Victims therefore see more chance of data recovery without paying the ransom, and the possibility of not getting their data back after paying, so fewer victims will pay. The lazy and incompetent criminals ruin the reputation of the competent criminals too, reducing their profits. Add the threat that the police might soon trace the transactions, and smart criminals will be abandoning ransomware and looking for new opportunities. The remaining ransomware will deteriorate in quality.
How do you become part of the victory over ransomware? Take regular backups! With recent, offline backups to rely on, you can laugh at the ransom demand.