Even nonexperts wage cyberattacks with ransomware
New digital tools allow hackers to hold data hostage.
Hackers SAN FRANCISCO — are discovering that it is more profitable to hold your important data hostage than it is to steal it.
A decade-old internet scourge called ransomware went mainstream Friday when cybercriminals seized control of computers around the world. On Saturday, investigators were not yet able to tell who was behind the attack as security experts around the world raced to contain it.
Ransomware is nothing new. For years, there have been stories of individuals or companies horrified that they have been locked out of their computers and that the only way back in is to pay a ransom to someone, somewhere who has managed to take control.
But with the advent of new tools that wrap victims’ data with tough encryption technology, hard-to-trace digital currency like bitcoin, and even online sites that offer to do the data ransoming in return for a piece of the action, hackers have become emboldened.
“You don’t even need to have any skills to do this anymore,” said Jason Rebholz, a senior director at the Crypsis Group who has helped dozens of victims of ransomware.
Ransomware has allowed people who are not computer experts to become computer thieves.
It used to be that hackers had to be a little creative and skilled to get money out of people. There were fake anti-virus scams that promised to clean up your computer — for a fee. Sometimes they resorted to Trojan horse programs that lie in wait on e-commerce or banking sites, ready to get your credit card numbers.
And there was old-fashioned hacking, grabbing all sorts of personal credentials that could be sold on the dark web.
But computer criminals are discovering that ransomware is the most effective way to make money in the shortest amount of time.
It should not have been a shock. As our data has become our lifeline, cybercriminals have elevated their game and their demands.
Just five years ago, attackers in Eastern Europe were locking up victims’ computers and demanding ransoms of $100 to $400 to unlock them.
But the idea of paying a criminal on the internet was still foreign, and most important, technicians and security experts could find ways to unlock computers without caving on the ransom. In 2012, security experts estimated that fewer than 3 percent of victims paid.
These days, it’s a 50-50 split between those who pay the ransom and those who refuse, either because they have adequate backups, are philosophically opposed or simply cannot afford to pay. Ransoms now range from as little as one bitcoin, which equates to roughly $1,700, to as many as 30 Bitcoin, nearly $51,000, with the median ransom equating to four bitcoin, or nearly $7,000, according to researchers at the Crypsis Group.
Bitcoin has given cybercriminals an easy and anonymous way to get their profits, and it is much harder to track than credit cards or wire transfers.