{"id":42340,"date":"2017-05-30T04:00:00","date_gmt":"2017-05-30T04:00:00","guid":{"rendered":"https:\/\/www.cira.ca\/blog\/business-ransomware-easy-money-fueling-entire-industry\/"},"modified":"2023-03-10T10:57:31","modified_gmt":"2023-03-10T15:57:31","slug":"business-ransomware-easy-money-fueling-entire-industry","status":"publish","type":"cira_news","link":"https:\/\/stg-saas.cira.ca\/en\/resources\/news\/cybersecurity\/business-ransomware-easy-money-fueling-entire-industry\/","title":{"rendered":"The business of ransomware &#8211; easy money fueling an entire industry"},"content":{"rendered":"<p>The reason for explosive growth in ransomware is simple \u2013 it has one of the best\u00a0business models in the game today<\/p>\n<p><!--more--><\/p>\n<p>To say ransomware is on the rise would be an understatement. From 2015 to 2016, attacks spiked <a href=\"http:\/\/www.cnbc.com\/2016\/12\/13\/ransomware-spiked-6000-in-2016-and-most-victims-paid-the-hackers-ibm-finds.html\">6000% according to this article citing IBM<\/a>. The reason for this explosive growth is simple \u2013 ransomware has one of the best\u00a0business models in the game today.\u00a0<\/p>\n<p>When ransomware encrypts its target files it\u00a0in effect \u201csteals\u201d them, rendering them inaccessible. Normally data theft is the creation of a copy that then needs to be sold to a third party, but in this case no information actually goes missing.\u00a0By locking a target out of their data, ransomware \u201csteals\u201d the data and then sells it to a marketplace of exactly one \u2013 the target themselves. This is a key element to the success and growth of ransomware. It reduces the effort needed to profit from an attack.\u00a0<\/p>\n<h2>Why does the ransomware work?\u00a0<\/h2>\n<h3>There is minimal barrier to entry\u00a0<\/h3>\n<p>An experienced programmer or team of programmers can put together a ransomware product in relatively short order, providing they also have a means to break into a system. 
Alternatively, some hackers have created ransomware-as-a-service (RaaS) operations, providing the means to extort others for incredibly low prices. According to this article on Threat Post, buying and using ransomware can cost between <a href=\"https:\/\/threatpost.com\/dirt-cheap-stampado-ransomware-sells-on-dark-web-for-39\/119284\/\">$39 &#8211; $3,000 for a lifetime license<\/a> to the code. Considering that the most recent WannaCry outbreak charged $300 minimum for unlocking your data \u2013 there&#8217;s a huge potential for upside if you can infect even just a few computers.<\/p>\n<h3>Difficult to trace\u00a0payment\u00a0\u2013 Bitcoin\u00a0and other cryptocurrency<\/h3>\n<p>With cash flow being the lifeblood and main draw of executing ransomware attacks, a clean and untraceable way to wire money is essential for a safe operation. Services such as Bitcoin allow for an anonymized payment system that can reliably be turned into untraceable cash or hard-to-follow money transfers. While Bitcoin is certainly striving to be a legitimate currency, it is to ransomware as PayPal is to eBay, a smooth way for money to flow. While the typical Internet user isn&#8217;t Bitcoin savvy, the ransomware can provide a link to an exchange where it can be bought by entering a credit card number.<\/p>\n<h3>Markets and prospects are well-defined \u2013 revenue easily modeled<\/h3>\n<p>Anyone who uses the internet and stores data on their computers is a potential \u201ccustomer\u201d for ransomware. Everyone has data they want to keep. The only barrier is the price being asked, which is often low enough to ensure that payment is considered a viable (but unpalatable) option.\u00a0<\/p>\n<p>Similarly, any company or individual whose network is infected becomes a prospect,\u00a0making it easy to model out potential revenues and profit based on the number of infected prospects and the percentage that will be willing to pay. 
By offering \u201cstolen\u201d data back to the original owner, a ransomware provider has instantly created a uniquely superior and highly targeted product.\u00a0<\/p>\n<h3>Low overhead<\/h3>\n<p>There isn&#8217;t much in the way of customer satisfaction to worry about when running a ransomware operation. Most of the overhead that other businesses run into is mitigated or nullified by both the simplicity and illegality of ransomware software. A ransomware operation doesn&#8217;t need to run customer support, doesn&#8217;t require marketing or PR and certainly doesn&#8217;t need salespeople.<\/p>\n<p>That said, it is surprising what efforts hackers borrow to make their targeting and payment processes as sophisticated as commercial operations. This includes geo and language targeting, well-designed usability for their ransomware, and clearly written calls to action with supporting documentation and FAQs. It is almost like a \u201creal\u201d business. One thing they do need is easy access to email lists for phishing; but these are readily available on the black market and tools exist that guess common email addresses using recognized patterns like \u201c<a href=\"mailto:firstname.lastname@company.com\">firstname.lastname@company.com<\/a>\u201d.\u00a0Remember that you don&#8217;t have to get it right every time since the cost to send an email is very low.<\/p>\n<h2>There are better career choices that don&#8217;t involve going to jail<\/h2>\n<p>At the end of the day, a ransomware operator is setting up a business that has low overhead, an established and growing market, little barrier to entry and has an easily identifiable prospect list &#8211;\u00a0everything an\u00a0enterprising entrepreneur would jump at. 
Before you consider it, look at <a href=\"http:\/\/www.securityweek.com\/why-suffer-stress-being-black-hat-hacker\">Security Week&#8217;s article on how well paid these similar (but legit) career options<\/a> are without the risk of jail time.\u00a0<\/p>\n<p>If you are concerned about ransomware affecting you or your business, the <a href=\"https:\/\/www.internetsociety.org\/blog\/tech-matters\/2017\/05\/6-tips-protecting-against-ransomware\">Internet Society has put out some good guidelines on how to protect yourself<\/a>.\u00a0For corporate protection, CIRA offers our D-Zone DNS Firewall service, which helps to block ransomware from its source. <a href=\"https:\/\/stg-saas.cira.ca\/cybersecurity\/firewall\">Read more about it on our website.<\/a>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The reason for explosive growth in ransomware is simple \u2013 it has one of the best\u00a0business models in the game today<\/p>\n","protected":false},"featured_media":2859,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"The business of ransomware - easy money fueling an entire industry - CIRA","description":"The reason for explosive growth in ransomware is simple \u2013 it has one of the best\u00a0business models in the game today To say ransomware is on the rise would be 
an"},"footnotes":""},"topic":[28],"class_list":["post-42340","cira_news","type-cira_news","status-publish","has-post-thumbnail","hentry","cira_news_type-cira-news-type-blog","cira_topic-cira-topic-cybersecurity","cira_author-alex-johnson"],"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news\/42340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news"}],"about":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/types\/cira_news"}],"version-history":[{"count":0,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news\/42340\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/media\/2859"}],"wp:attachment":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/media?parent=42340"}],"wp:term":[{"taxonomy":"cira_topic","embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/topic?post=42340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}