Ransomware and Crypto Malware
Because of its meteoric rise in popularity among criminals in just the last few years, let’s go ahead and talk about the infamous ransomware.
Ransomware has gained popularity in recent years due to a few factors:
- Profitability — criminals can make eye watering sums of money using this type of attack
- Cryptocurrency has reduced some of the risks of ransomware from an attacker’s perspective — at least to some degree
- It can cripple an organization — increasing the odds of a high-impact attack with a payout
Ransomware vs. Crypto malware
A quick note before we move forward that I want to cover is that the terms ransomware and crypto malware do have slight differences.
Crypto malware is referring to a type of malware that encrypts data to make it unusable, and a decryption key or tool is required to retrieve the original data back.
Ransomware is a broader term meant to define any type of malware that can be used to create a ransom situation. Ransom situations are not always caused by encrypting data — you could have malware that denies access to your operating system unless you pay the ransom. These are actually called Lockers or Locker-ransomware, and its typically seen more often with Android-based devices.
Or, in more subtle ways, you may download a free antivirus or antimalware program that claims your computer is infected, but before you can see what’s infected your computer or how to remove the infection, you must pay to upgrade to a pro license. This can be referred to as Scareware.
So when we’re talking about ransomware, assume that we could be talking about any form of malware used to create a ransom situation, which also includes crypto malware.
When we’re talking about crypto malware, we’re talking about malware that encrypts data to make it unusable by its owner, typically to then turn around and request a ransom.
With that out of the way, let’s talk about the main reasons why this type of threat has been rising in recent years.
Profitability is the first and foremost driver of financial crimes. If a criminal is going to risk jail time, they’re going to have to weigh the pros and cons of the expected reward and the effort needed to get that potential reward.
Another way to put it is that if all organizations stopped paying ransoms starting tomorrow, then ransomware would quickly cease to exist, or would at least shift to being used for non-monetary reasons. But, because criminals and criminal organizations are getting paid ransoms, we are continuing to see an increase in ransomware attacks.
This has caused debates in the industry, where some people think that paying ransoms should become outlawed, while others don’t believe that organizations should be forced one way or another, and that it should instead be a decision that they make.
While computer crimes have existed for as long as computers have been accessible to the general population, and ransomware is not a new concept, cryptocurrency has helped fuel ransomware attacks because of how easy it makes to move millions of dollars worth of crypto across national boundaries — all within just seconds.
Cryptocurrency exchanges are public ledgers, meaning that anyone can watch transactions, but it can be very difficult to track exactly who owns what wallets. Attackers can potentially own hundreds of different wallets, which they can use to launder funds. Once properly laundered, it can be very difficult if not impossible for feds to track those funds, and so they can then be used by criminals to purchase every day items.
These attacks can be crippling to organizations
If you’re the CEO of a large organization hit by ransomware, and your finance team has calculated that every hour the organization is crippled by ransomware is costing your business $1 million. The IT team reports back that, at a minimum, it will take backups 10 hours to restore operations.
You’re faced with a decision:
- Do I pay the ransom of $5 million?
- Do I wait it out and lose out on over $10 million?
More often than not, shareholders would prefer that the CEO go with the option that ends up costing the company — and them — the least amount of money. Sometimes, however, they may want to stick to their guns out of sheer principle.
With all of this said, ransomware is not going anywhere any time soon, so it will be interesting to see how organizations and governments adapt. We’ve already seen high-profile arrests, and I would be surprised if they don’t continue to happen in the coming years.
While the world figures that out, make sure that you focus on the differences between crypto malware and ransomware, and then move on to the next lesson!