There is plenty of evidence to suggest that ransomware attacks are getting bigger and more sophisticated. In the space of just a few years, ransomware has gone from being a minor irritation for PC users to being a significant threat to large corporations and even nations. Major cybercrime gangs are looking to cash in on attacks, and state-backed attackers have realised the potential for creating both chaos and profit.
A few examples of the scale of the ransomware problem:
Ransomware is now the defining internet crime of our current age. It's the inevitable consequence of the corporate world's obsession with hoarding as much data as possible, about anything and anyone, and its relaxed attitude towards keeping that data safe.
Businesses have been urged to gather up every bit of data about every customer engagement, every supplier interaction, in the hope that it can be trawled by artificial intelligence and big data technologies to provide insight and direction. But for many organisations the security of that data remains an afterthought at best. That leaves many in the situation of having vast piles of sensitive information but no guidelines for keeping it safe. If organisations aren't sure why they're collecting data they won't be clear about why they need to protect it, either.
In another twist, ransomware uses encryption, one of the key technologies we use to do business and communicate online, as a tool to lock away data from its rightful owner.
In some respects, the solution to the ransomware crisis is relatively simple. Basic internet security hygiene will prevent the vast majority of attacks before they have a chance to gain a foothold. A few of the most obvious steps to take:
Sadly, there will still be organisations large and small that fall victim to ransomware, as gangs become more sophisticated in how they work. Managed service providers and network attached storage are among the recent additions to the ransomware gangs' targets; they won't be the last.
There's every sign that this is an epidemic that will get worse, not better. The willingness of victims and their insurers to pay out means more crooks will be tempted to try their hand. Ransomware-as-a-service kits mean even wannabes with limited skills can try their hand at running a scam. While some law enforcement agencies have done a good job of providing the tools to let victims decrypt their systems, few ransomware gangs have faced justice.
Already there are fears that ransomware could be used against voter databases in the run-up to the 2020 US presidential election. A ransomware attack that makes it impossible for some people to cast their vote would have huge consequences. And it's hardly implausible to see criminals and state-backed hacking groups trying to expand the use of ransomware across more devices and scenarios in the near future. As we get more reliant on everything from smart cities to driverless cars, the risks get greater.
Ransomware offers crooks a vast number of potential victims, who they can target with a cheap-to-deploy scam with a big payday and very little chance of getting caught. Perhaps the real surprise is not that there are so many ransomware attacks, but that there are not many, many more.
The Monday Morning Opener is our opening salvo for the week in tech. Since we run a global site, this editorial publishes on Monday at 8am AEST in Sydney, Australia, which is 6pm Eastern Time on Sunday in the US. It is written by a member of ZDNet's global editorial board, which is comprised of our lead editors across Asia, Australia, Europe, and North America.