Ransomware: How high will the demands go?

Hackers will infect a wider variety of platforms, specifically target important systems, and demand higher ransoms, warn researchers.
Written by Danny Palmer, Senior Writer

Even security experts say that in the worst-case scenario, the best way to respond to malware is to pay the ransom.


The ease with which cybercriminals can deploy ransomware means that this type of cyberattack is likely to become more common and to target more platforms in the future, while hackers will demand bigger ransoms.

Cybersecurity researchers at Unit 42, the Palo Alto Networks threat intelligence team, have described cryptographic ransomware as "one of the greatest cyberthreats facing organizations around the world" in a new report called Ransomware: Unlocking the Lucrative Criminal Business Model. The claim comes shortly after Kaspersky researchers dubbed ransomware the biggest cybersecurity threat.

One of the key reasons this type of attack is growing so significantly, said report author Bryan Lee, is that cybercriminals have "realized ransomware is a lucrative business with little or low cost barriers to entry" and are therefore easily capable of running a criminal business model based around it.

While previously ransomware predominantly targeted Windows systems, hackers are extending their reach, with malicious, file-locking software now targeting other operating systems.

Android devices, for example, have been targeted by Dogspectus ransomware, while Linux systems are also increasingly at risk from crypto-ransomware. Meanwhile, Mac OS X has been hit by the recently discovered KeRanger malware.

Ransomware is only going to become more powerful, Lee said, because "nearly all computers or devices are potential candidates for ransom".

This trend leads Unit 42 to speculate that as more and more devices are connected to the web, more platforms will become potential targets because "no system is immune to attack, and any device that an attacker can hold for ransom will be a target in the future".

This, researchers said, leads to the prospect of Internet of Things-related ransomware attacks, although extracting a ransom would pose something of a problem for the hackers.

"While an attacker may be able to compromise an internet-connected refrigerator, it would be challenging to turn that infection into a revenue stream," the report said, but nonetheless added "the attacker could remotely disable the cooling system and only re-enable it after the victim has made a small payment".

Palo Alto Networks also warns that targeted ransom attacks could enable cybercriminals to get their hands on the back-end infrastructure required to cause significant damage within a network.

"Once inside a network, attackers can identify high-value files, databases, and backup systems and then encrypt all of the data at one time," the report suggested -- and pointed to malware families such as SamSa which can be deployed manually into an infected system.

As ransomware becomes more dangerous, researchers fear that cybercriminals will use its increased power to extract higher ransom payments from victims. Currently, the majority of ransomware perpetrators demand between $200 and $500 -- usually in bitcoin -- before they release the victim's system.

There are, however, an increasing number of instances where cybercriminals are demanding much higher payments, with hackers reportedly demanding millions of dollars when they locked down a Hollywood Hospital earlier this year. In that instance, the hackers walked away with $17,000 in bitcoin in exchange for unlocking the infected systems.

"If attackers are able to determine that they have compromised a system which stores valuable information, and that infected organization has a higher ability to pay, they will increase their ransoms accordingly," the researchers said.

While there are various means of defending against a ransomware attack -- such as regularly backing up data, endpoint control, and good old-fashioned firewalls -- researchers suggested that organisations should plan what to do in the event their prevention controls fail, and that could even include paying a ransom.

"Part of any ransomware response plan should include details on how to facilitate the payment in the worst-case scenario," they said.
