Ransomware is responsible for the biggest cyberattack the world has ever seen.
The technique of using a computer virus to hold data hostage has been around for decades, gaining more notoriety in recent years. But the massive attack that has spread around the world since Friday has taken it to a whole new level.
“It’s only going to get worse and worse and worse,” said Michael Gazeley, managing director of cybersecurity firm Network Box. “And it’s absurd because companies have had years to prepare for this.”
Here’s the lowdown on the malicious software scam:
How ransomware works
At its heart, ransomware mimics the age-old crime of kidnapping: someone takes something you value, and in order to try to get it back, you have to pay up.
For it to work, computers need to be infected with a virus, which is usually accomplished by tricking someone into clicking on a link.
Imagine, for example, you’re sitting at your computer and you receive an email that pretends to be from a well-known organization, like Fedex. The email says Fedex just tried to deliver a package, the delivery guy is still in the area, and if you click on the link, he will attempt to deliver it again in the next couple hours.
“It all looks so real,” Gazeley said. “They’re creating a sense of urgency, click on the link to get my parcel right now.”
Ransomware can also be spread by clicking on an attachment.
In recent years, emails used to distribute ransomware typically contained documents like fake mail delivery notifications, energy bills or tax returns, according to a 2015 report from security company Symantec.
Once users click on the link or attachment, the ransomware encrypts the computer’s hard drive, locking people out of computer files, including photos and music libraries.
A screen will appear threatening to destroy the files unless a ransom is paid.
Ransomware attacks aren’t new, but here’s what is
The first known ransomware attack, dubbed AIDS Trojan, happened in 1989, according to Symantec. The payment demanded was $189.
It was ultimately unsuccessful because few people used personal computers at the time, and the internet was mostly used by science and technology experts. Also, international payments weren’t as common back then.
Fast forward to today: a huge amount of data is regularly stored on computers, people are connected to the internet via an array of devices, and sending money internationally takes little more than a swipe and a tap.
That’s what makes modern ransomware attacks so painful. Most people would panic if they got locked out of their computers. Extorted companies lose productivity, and in the case of hospitals locked out of patient files, lives are potentially on the line.
“The way ransomware is spread now, it’s so efficient, it’s so effective, it’s sort of — to quote an ironic phrase — going viral,” said Gazeley.
Ransomware makes for thriving business operations
Hospitals in the UK falling victim to WannaCry received a lot of attention. But experts say it was an equal opportunity attack, targeting everything from hotels to fashion companies.
Gazeley likened the attack to someone shooting indiscriminately into a crowd with a machine gun and striking a grandmother or a baby. “You can’t say you didn’t mean to hit them, you shouldn’t have been shooting into a crowd in the first place,” he said.
But cybercriminals treat these attacks like a business, casting a wide net to get the most bang for their buck.
Some even have ransomware help desks, giving victims a few files back for free to reassure them they are not being completely conned.
But freeing the rest of your files and data will cost you. The average ransom amount is $300 per computer, and the favored payment is bitcoin, according to Symantec.
That may seem like a relatively small amount of money, but experts say asking for an affordable sum means hackers are more likely to get paid.