Growing pay-offs and a high return rate have made ransomware the most dangerous criminal threat currently facing businesses and consumers connected to the Internet, security researchers warned in a new report Wednesday.
Ransomware infections detected by Symantec, an American security firm, increased by 36 percent in 2016 over the year before, the company said in its “Internet Security Threat Report” published Wednesday, evidenced in part by an array of recent cyberattacks suffered by targets ranging from colleges and law enforcement to hospitals and city governments.
In the event of ransomware infections, vulnerable computers are typically rendered unusable until their intended users pay a ransom to the responsible extortionist, usually in the form of untraceable cryptocurrency such as Bitcoin.
And as the number of ransomware infections detected surged in 2016, so did the amount being sought by cybercriminals, according to Symantec. The average ransom demanded spiked from $294 in 2015 to $1,077 in 2016, amounting to an increase of about 266 percent, the company said.
“So many people pay the ransom, criminals haven’t figured out a level people will not pay,” Kevin Haley, director of Symantec Security Response, told The Hill on Wednesday.
“We may see that average go even higher until that price ceiling is discovered when so many people aren’t willing to pay that much. But we haven’t hit it yet,” he added to CyberScoop.
About a third of worldwide ransomware infections detected last year targeted computers in the U.S., Symantec said. Incidentally, Americans are willing to pay a ransom to hackers about 64 percent of the time, according to the report – nearly double the global average of 34 percent.
“That’s a phenomenal number,” Mr. Haley told CyberScoop. “I always compare it to direct mail where if you get a 1 percent rate you’re doing really good. These guys get a 34 percent return rate. Extortion really pays.”
A survey of businesses previously infected with ransomware found that half of victims agreed to pay extortionists over $10,000, IBM Security reported last year.
Indeed, the Los Angeles Community College District paid nearly triple that amount the following month after a local college was sidelined by a ransomware infection. Just this week, meanwhile, a ransomware attack reportedly infected city computers utilized by the government of Newark, New Jersey.
Separately, a European security firm said Wednesday that ransomware will likely continue to surge unless American prosecutors narrow their sights.
“If the U.S. pursues all the forms of potentially illegal payments, ransomware’s growth could be abated. Otherwise, we expect to see the new ransomware families we discovered in 2017 at least double,” Sean Sullivan, Security Advisor at F-Secure, said in a statement.
Wannabe hackers can purchase “ransomware toolkits” on the internet underground for as little as $10 and as much as $1,800, according to Symantec.
• Andrew Blake can be reached at ablake@washingtontimes.com.