Thoughts on Ransomware

Lately I’ve been interested in ransomware and, to an extent, criminal psychology.  Reports of ransomware have been all over the news, with city governments and public institutions being increasingly targeted. And why not? As far as financially motivated cybercrimes go, it is a very lucrative model. Breaking into a computer is comparatively easy to finding a way to monetize stolen data. Stolen credit cards can be cancelled. Hiding profits from the police can be hard. Financial intermediaries often leave a money trail.

What is clever (albeit devious) about the ransomware model is that it is able to generate profit from data that would otherwise be worthless on the dark web. Will criminals pay top dollar on an underground forum for your puppy photos, files, recipe collection, or family video clips? Doubtful (unless it is Wyatt, but I digress). The very same data that would be worthless to most criminals is of immense value to the people it belongs to. Ransomware exploits this by selling data back to the only person in the world for which it has value.

It is difficult to combat – individuals must bear the costs directly. And it is going to get worse as criminals start to target other industry sectors. How do we combat it? The encrypting variants are the worst culprits because they will encrypt and lock your files – unless you have a backup, you are SOL (sorry). Keep your PC up to date. Ensure you have an active fire wall. Turn OFF Adobe Flash. Don’t open questionable links. Backup your data often – the best bet is to invest in an external hard drive that can be detached and isolated.

These are short term solutions. I am still thinking about long-term ways to combat this threat – chime in if you have some ideas.