This new ransomware 'bluff' trick is costing victims big, even though their files are never really in danger
Cybercriminals are earning tens of thousands without really doing anything.
A ransomware attack is one of the simplest -- if nastiest -- ways for cybercriminals to make a quick buck: many organisations targeted with file-encrypting malicious software may feel that, in order to keep running, they have no option other than to give into ransom demands.
But despite ransomware becoming so prolific and accessible -- even the technically illiterate can pay for ransomware-as-a-service schemes on the Dark Web -- there are some cybercriminals who aren't even encrypting their victims' files, but rather use the fear of ransomware to scare victims into paying ransoms.
Instead of actually infecting the victim, they're bluffing a ransomware attack, duping target organisations into thinking they're network has been locked. This scheme is successful enough that businesses are being scared into paying a ransom when there really wasn't any need to, according to research by Citrix.
It said that two in five businesses have fallen victim to a 'bluff' ransomware attack, instances where criminals lie, telling the victim that they've blocked access to part of the target organisation's network, and demanding a ransom to return access to data they haven't encrypted in the first place.
Much like with real ransomware, victims of bluff ransomware will be greeted with a full-screen display, which in this case, falsely tells them that the files on the machine have been encrypted. The victim may also see a threatening message, which like many forms of real ransomware claims that if they attempt to bypass the full-screen display by rebooting or disconnecting their computer -- or finding a means of not paying up -- then their files will be deleted.
Ultimately, like real ransomware, bluff ransomware sees criminals attempting to put victims under pressure in the hope that they'll be too scared to bypass it and just pay up -- and it's working.
Of those who've fallen victim to a bluff ransomware attack, almost two thirds have actually ended up paying a ransom to the perpetrators, each time putting an average of £13,412 into the pockets of the nefarious actors carrying out these schemes. Two thirds of the large businesses have paid out between £10,000 and £25,000 after falling for this scam, while one in twenty has paid over £25,000.
"Cybercriminals on the lookout for easy wins and lucrative targets are taking advantage of fears around ransomware to make money from 'bluff' ransomware attacks. With so many UK businesses falling victim to these scams, learning to distinguish real threats from a false attack can save considerable sums," says Chris Mayers, chief security architect at Citrix.
Of those organisations which were attacked with bluff ransomware, 57 percent shared the information with the authorities.
However, less than a quarter of affected businesses shared the information that they'd paid a ransom with customers, partners, and suppliers.
"This research leaves a worrying impression that organisations may be treating ransomware as a cost of doing business -- just like shrinkage and fraud in some sectors. Yet this mentality may be resulting in British businesses paying out when it is not necessary, while simultaneously supporting cybercriminal activity," says Mayers.
Ransomware has boomed during 2016, with the cost of ransomware attacks amounting to to amount to more than $1 billion during the year.
Citrix commissioned One Poll to conduct an online survey of 500 IT decision makers at companies across the UK with 250 or more employees between 18th November and 25th November 2016.
Read more on cybercrime
- Remove ransomware infections from your PC using these free tools
- Progress in ransomware battle remains murky despite industry efforts [TechRepublic]
- Easy to carry out, difficult to fight against: Why ransomware is booming in 2016
- This ransomware targets HR departments with fake job applications
- Europol, Intel and Kaspersky team up to crack down on ransomware [CNET]