Wulf's Webden

The Webden on WordPress

Ransomware: evolution and questions

| 0 comments

Ransomware continues to affect targets around the globe. This type of malware encrypts data on target systems and makes the offer of unlocking it in return for payment of a ransom. Earlier this decade, such attacks normally affected individuals although sometimes they would spill out onto networks they were attached. The game has shifted though and larger organisations seem to have become the primary target, such as in this recent story about a US city.

It is a global problem although US cities seem to attract particular attention. I did some searching and found a map of recent reported cases in the USA (from here), which shows that health and educational institutions are also common targets. I did wonder about the distribution of attacks but it largely follows the pattern of US population density.

What I would be interested to know, and haven’t been able to track down yet, is how many places get hit twice or more? I would hope that those organisations that pay the high cost of refusing the ransom and fixing their own systems come out of the experience with more resilient setups, on a par with those that have shrugged off such attacks (for example, the St John Ambulance organisation in the UK was recently reported to have weathered such a storm). I would also be interested to see if those who pay their ‘Danegeld‘ tend to get hit again, either by the same or other attackers. Perhaps, instead, they pay the ransom and pay for improved protection.

Meanwhile, in terms of personal defences, it is vital to have back ups of everything important, which you know you could restore from. They need to be kept current and you need copies stored in locations that aren’t directly accessible from anything that goes rogue on your main system.