Top targets for ransomware creators and distributors
Clearly, ethics or morality have no weight in today’s money-hungry cyber crime business. “There is honor among thieves” was tossed out the window a long time ago.
That leaves us to dig out the reasons why online criminals choose to target various types of Internet users. This may help you better understand why things happen as they do right now.
Why ransomware creators and distributors target home users:
- Because they don’t have data backups;
- Because they have little or no cyber security education, which means they’ll click on almost anything;
- Because the same lack of online safety awareness makes them prone to manipulation by cyber attackers;
- Because they lack even baseline cyber protection;
- Because they don’t keep their software up to date (even if specialists always nag them to);
- Because they fail to invest in need-to-have cyber security solutions;
- Because they often rely on luck to keep them safe online (I can’t tell you how many times I’ve heard “it can’t happen to me”);
- Because most home users still rely exclusively on antivirus to protect them from all threats, even though antivirus is frequently ineffective in spotting and stopping ransomware;
- Because of the sheer volume of Internet users that can become potential victims (more infected PCs = more money).
Why ransomware creators and distributors target businesses:
- Because that’s where the money is;
- Because attackers know that ransomware can cause major business disruptions, which will increase their chances of getting paid;
- Because computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means;
- Because the human factor is still a huge liability which can also be exploited, but through social engineering tactics;
- Because ransomware can affect not only computers, but also servers and cloud-based file-sharing systems, going deep into a business’s core;
- Because cyber criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences;
- Because small businesses are often unprepared to deal with advanced cyber attacks (which ransomware is) and have a lax BYOD (bring your own device) policy.
Why ransomware creators and distributors target public institutions:
- Because public institutions, such as government agencies, manage huge databases of personal and confidential information that cyber criminals can sell;
- Because these institutions ofttimes lack appropriate cyber defenses that can protect them against ransomware;
- Because the staff is not trained to spot and avoid cyber attacks (ransomware often leverages the human factor weakness to trigger the infection);
- Because public institutions often use outdated software and equipment, which means that their computer systems are packed with security holes just begging to be exploited;
- Because ransomware has a big impact on their day-to-day activities, causing huge disruptions;
- Because successfully attacking public institutions feeds the cyber criminals’ egos (they may want money above all else, but they won’t hesitate to reinforce their position in the community by attacking a high-profile target).
In terms of platforms and devices, ransomware doesn’t discriminate either. We have ransomware tailor-made for personal computers (too many types to count, but more on that in “The most notorious ransomware families” section), mobile devices (with Android as the main victim and a staggering growth) and servers.
Fig. 12: The number of users encountering mobile ransomware at least once in the period April 2014 to March 2016
Source: KSN Report: Mobile ransomware in 2014-2016
When it comes to servers, the attack is downright vicious:
Some groups do this by infiltrating the target server and patching the software so that the stored data is in an encrypted format where only the cybercriminals have the key to decrypt the data.
The premise of this attack is to silently encrypt all data held on a critical server, along with all of the backups of the data.
This process may take some time, depending on the organization, so it requires patience for the cybercriminals to carry it out successfully.
Once a suitable number of backups are encrypted, the cybercriminals remove the decryption key and then make their ransom demands known, which could be in the order of tens of thousands of dollars.
This prompted the FBI and many other institutions and security vendors in the industry to urge users, companies and other decision-makers to prepare against this threat and set up strong cyber protection layers.
Attacks on critical infrastructure (electricity, water, etc.) could be next, and even the thought of that can make anyone shudder.
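The server attack described above depends on encrypted backups going unnoticed for several backup cycles. The following Python code is an added example, not part of the original article: it audits a canary file restored from each backup generation against a known-good hash and reports the newest generation that is still clean. The function names, the 7.0 bits-per-byte entropy threshold and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data approaches 8.0, plain text sits far lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def audit_generations(generations, canary_sha256, entropy_limit=7.0):
    """generations: list of (label, restored_canary_bytes), oldest first.
    Returns (newest label whose canary still matches, [(label, reason), ...])."""
    last_clean, suspect = None, []
    for label, blob in generations:
        if hashlib.sha256(blob).hexdigest() == canary_sha256:
            last_clean = label
            continue
        # Hash mismatch: separate "looks encrypted" from ordinary modification.
        looks_encrypted = shannon_entropy(blob) > entropy_limit
        suspect.append((label, "high-entropy" if looks_encrypted else "modified"))
    return last_clean, suspect

def _pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted content (deterministic hash stream)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed sample data: a canary planted on the server and its trusted hash,
# which must be stored somewhere the server itself cannot modify.
CANARY = b"canary-file: invoice ledger 0001\n" * 128
KNOWN_GOOD = hashlib.sha256(CANARY).hexdigest()
SAMPLE = [
    ("week-1", CANARY),
    ("week-2", CANARY),
    ("week-3", _pseudo_ciphertext(len(CANARY))),  # backups silently encrypted
    ("week-4", _pseudo_ciphertext(len(CANARY))),
]

if __name__ == "__main__":
    clean, suspect = audit_generations(SAMPLE, KNOWN_GOOD)
    print("newest clean generation:", clean)
    for label, reason in suspect:
        print("ALERT", label, reason)
```

Running the audit after every backup job shortens the window in which backups can be encrypted unnoticed, and the last clean label tells responders which generation to restore from.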