Criminals no longer need to risk having their collar felt while climbing out of someone’s window – they can simply get hold of some ready-made ransomware designed to help them commit fraud.
Ransomware-as-a-Service (RaaS) is a growing industry, as an army of hackers and coders operating on the dark web offer an array of tools. These products usually operate on an affiliate basis, with the original author taking a cut of any ‘earnings’.
Ransomware operates like any other virus – infecting a host machine when a user clicks on something that appears to be innocuous, such as an email or link on a social media site.
This action triggers the download of a malicious file which then encrypts the user’s files and demands they pay for a decryption key. Ransoms typically range from $300 to $500, with prices often going up if victims don’t pay. Unlike real life burglary, the criminal doesn’t need to be present. They don’t even have to know about the crime their tool has triggered.
Start-up costs are tiny, compared with the potential rewards, and the incentive is strong, considering how hard it is for law enforcement to operate on the internet.
Who is at risk from Ransomware?
Ransomware targets all users – both professional and private individuals – and it’s big business. eWeek recently reported that ransomware netted cybercriminals more than $1 billion in 2016, mostly from individuals and small businesses.
The anonymity of bitcoin is a contributing factor in the fast growth of the fraud. Chris Young, CEO of Intel Security, stated: “It wasn’t until the advent of Bitcoin in our society that ransomware was able to take off. Because now, as an attacker, I can anonymously monetize my target.”
Another problem is the number of victims who pay the ransom. The fact is that many users and organisations do eventually pay up and this likelihood of success encourages the fraudsters.
How to protect yourself from an attack
Providing total protection from ransomware is impossible and our advice continues to be based around best practice guidelines.
- Avoid opening suspicious-looking links or attachments.
- Always have a back-up system in place
- Use reputable antivirus software and keep all functions switched on
- Ensure all software on your computer and smartphone is up-to-date