Ransomware, the word alone evokes fear into many companies. How did this form of crime actually start? In 1989, Dr. Joseph L. Popp created the first ransomware called the “AIDS Trojan.” This trojan virus encrypted files on a computer after rebooting a number of times. Fast forward to 2006, Archiveus, a computer virus that affected Microsoft Windows encrypted files and required a user to purchase something on a specific website to obtain passwords to decrypt files. A few years later, Bitcoin hit the scene, providing attackers a new way of receiving ransom money while allowing them to remain anonymous. By 2011, there were over 60,000 ransomware incidents. In 2013, CryptoLocker, one of the most well-known, most aggressive, and most successful ransomware attacks cost users 3 million dollars. By today’s standards that amount may seem tiny, however, if we used today’s value of a Bitcoin, it would be equivalent to hundreds of millions of dollars. CryptoLocker infected over 500,000 machines; you can see how far ransomware has come.
Today, we have witnessed a number of ransomware attacks, Colonial Pipeline, ACER, JBS Foods, AXA, CNA, to name a few. These attacks thus far have cost businesses over $50 million dollars this year, with ransomware sums exceeding $40 million dollars.
Ransomware attackers have evolved and become bolder; learning that they could ask for more money and take copies of data to use as leverage. But what happens when the big firms and usual large targets of ransomware get more savvy and have better ways of protecting data and ensuring that data is safe even when copies of it are taken? Will ransomware actors be out of a job? No! Who might they target next? You, the individual! When firms stop paying, ransomware actors will turn their attention to you, a friend, sibling, spouse, parent, grandparent, or even a child.
Let us look at today; Ransomware actors have done their homework and know that their victims are willing to pay to ease the pain of having to deal with ransomware. They also know they can take copies of data to use as leverage. Most individuals do not have the layers of protection in place to protect their personal data at home. They do not have the resources and technical know-how to detect or prevent these attacks. People have lots of personal data that they do not want others seeing. Data that they would be willing to pay a few hundred to a few thousand dollars to avoid have being made public. With billions of people connected to the internet from multiple devices, ransomware attackers have the potential to hit the jackpot. How are they going to do it? By targeting us, multiple individuals with a wealth of personal data.
This Cybersecurity month, take the time to get your personal devices secured, be prepared, get educated, and start considering how you or others you know will react to these incidents when they happen. For more information on how to secure your business or yourself, we invite you to have a discussion with us.