Modern field guide to security and privacy

Opinion: How to outwit digital Grinches armed with ransomware

Attacks that use malware to encrypt victims' data until they pay hefty ransoms are on the rise. Individuals and organizations can stay ahead of these ransomware assaults with some added digital vigilance. 

A holiday reveler wearing a Grinch mask in San Francisco.

There's a new kind of Grinch wreaking havoc this holiday season, lurking online to harass and extort hapless victims. While these digital scofflaws may be familiar to those who track goings-on in the dark corners of the digital world, their deeds are a growing scourge that requires vigilance and awareness of everyone online. 

In just the past few weeks, cybersecurity experts have charted a surge in attacks involving so-called ransomware – malware that infects computers with code designed to encrypt files until victims pay ransom. It has become such a problem that Sen. Ron Wyden (D) of Oregon sent a letter to the FBI this month urging the agency to "explore all legal options" to stop the spread of ransomware. Senator Wyden noted that the FBI has received some 1,000 complaints in 14 months regarding a popular strain of the malware that caused $18 million in losses for victims.

The trouble is that it doesn't seem like the ransomware problem is going away anytime soon. In fact, with the rise in sales of ransomware toolkits and malware on the Dark Web – and even hackers advertising their services to hijack computers – cybersecurity experts say these types of malicious attacks will increase throughout the next year.

In the first quarter of 2015, McAfee Labs reported a 165 percent surge in ransomware. In the second quarter, it logged more than 4 million samples of ransomware, including 1.2 million that were new variants. Today, ransomware payloads are even delivered via vulnerabilities in popular websites. It's clear that ransomware is rapidly evolving. It's big money for cybercriminals, as payments range from a few hundred dollars to as much as hundreds of thousands of dollars. 

While ransomware was initially aimed at individual computers, over the past six months we've seen ransomware attacks on more and more businesses and banks. And whereas ransomware was initially spread through spam and spear phishing attacks, newly developed variants might steal files, data and passwords (which presumably would be returned upon payment of a ransom) or conduct distributed denial of service, or DDoS, attacks upon the victim.

Though there are no foolproof measures to defeat a ransomware attack, there are countermeasures that businesses and individuals can take to avoid having to pay the ransom to get their files back. In our recent book, “Navigating the Cybersecurity Storm, a Guide for Directors and Officers,” we expanded upon a couple of solutions that relate to ransomware and the delivery vectors that are used to infect computers.

First, employee training is paramount. At its most basic, ransomware is delivered through directed e-mail attacks to individual computers. These e-mails are socially engineered so that, to the recipient, they look like they came from their employer, their bank, or even from a colleague. We exhort clients, "Don’t click on the link."

Second, we urge cyber-resiliency. Companies need to be able to withstand a cyber roundhouse hook to the chin and to be able to get off the canvas and back into the game. A battle-tested incident response plan can help identify a problem at the earliest possible second and eradicate a potential problem before it becomes a real crisis. 

A tested "business continuity plan" that includes a regimented backup policy and procedure (where the backup media is divorced from the network system, like the cloud) will allow the under-attack company to just say no, and back up their network or computer after deleting infected files.

For individuals whose home computer is infected with ransomware, the choice to pay the ransom might be tougher to resist. Oftentimes, the price to reclaim your files might be minimal as opposed to the hours it might take to restore your files with the backup you made the week before. The key here is to ensure your computers have updated software and to regularly back up files to external hard drives.

You might not have been very diligent in backing up your home computer to the point where you might be able to say "bugger off" to the attacker. There are no hard and fast rules here other than if you pay the ransom once, who is to say that the attacker might not come back for a second bite at the apple.

Unfortunately, ransomware is here to stay despite efforts by security companies to identify and locate encryption keys. It is a relatively cheap, effective way to steal money from companies and individuals. Many organizations simply pay the ransom and never report the crime to the authorities. And given the ability of cyberattackers to quickly engineer new variants of ransomware, these attacks may be difficult to defend against.

But with some preparation and vigilance on the part of consumers and businesses, we can ward off these digital Grinches using ransomware to swipe our loot.

Paul A. Ferrillo is counsel in the New York office of Weil, Gotshal & Manges LLP. He is a member of the firm’s litigation department and the cybersecurity, data privacy, and information management practice.  

Austin Berglas is senior managing director and head of US cyber investigations and incident response at K2 Intelligence and is based in New York.

