![\"Everyone](\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/01\/money-children-300x169.gif\")
<\/p>\n<\/p>\n
I used to love sitting on the floor and watching Saturday morning cartoons. One of my favorite gags was when a character got really, really hungry. In order to emphasize the point, everything and everyone around them turned to food.<\/p>\n
The newspaper stand owner became a large hand. The baby in a stroller was suddenly a roast chicken. The parent rolling that stroller was a hot dog.<\/p>\n
Everything in the scene reinforced the point that eating something was an all-consuming thought.<\/p>\n
Cybercriminals think of Internet users in a similar way.<\/p>\n
When a criminal looks around, they see every internet user turned to Dollars, Yen, Euros, and Yuan. All of these users are there to nourish the criminal\u2019s wallet instead of their stomach.<\/p>\n
This is the comparison that came to mind as I read through Jon\u2019s summary<\/a> of the ISMG survey on ransomware<\/a>.<\/p>\n The survey lays out a dismal landscape. More than 50 percent of those polled have been victims of ransomware in some way, shape, or form recently. Nineteen percent are being attack more than 50 times per month and a disturbing 42 percent don\u2019t know how often they\u2019re being attacked with ransomware.<\/p>\n These stats should be major warning flags for defenders.<\/p>\n Despite our efforts, users are still being attacked by ransomware and we\u2019re only going to see an increase in efforts in 2017.<\/p>\n Even though predictions are usually hit or miss (though I like to think Trend Micro\u2019s<\/a> are a tiny bit more accurate), I\u2019m confident making that statement. I\u2019ll even go a step further. In 2017 we\u2019re going to see more variants, attacks, and high profile payouts.<\/p>\n The reason is simple: money<\/b>.<\/p>\n In early 2016, Mikko Hypponen spoke to a statistic<\/a> pulled from research done at F-Secure. Mikko<\/a> said that the 40 criminal gangs they were tracking had pulled in $300 million Euros (~$318 million USD) over the past two years (covering 2014\u20132015). That\u2019s about $13 million USD a month.<\/p>\n Looking back at 2016, speculation has the total take home for criminals at 1 billion USD<\/b> and\u2014as stated in the article<\/a> \u2014I think that might be low.<\/p>\n That\u2019s a 1 billion reasons to continue to invest in this type of crime. And the investment needed to run these campaigns continues to drop as we\u2019ve seen the necessary tools available for sale or rent on the underground.<\/p>\n That level of availability has removed the technical knowledge requirements from running a campaign. No specialized knowledge needed, low risk, and a big payoff? That\u2019s a dream combination for criminals.<\/p>\n Investment in these campaigns is easy to justify\u2014well, easy to a criminal\u2014because of the extremely low cost of scaling out these crimes.<\/p>\n In the physical world, with each additional victim there is additional risk for criminals. With each crime committed, law enforcement gathers more evidence, continues to build a case, and is more and more likely to capturing or stop the criminals.<\/p>\n Cybercrimes are fundamentally different.<\/p>\n Each victim adds evidence but it\u2019s almost an exact duplicate of the previous victims because the entire process is automated. Once the basic infrastructure of a ransomware campaign is setup there\u2019s near zero cost or risk to attack more victims.<\/p>\n This imbalance results in cybercriminals infecting as many victims as possible in order to increase their profits. And why wouldn\u2019t they? If attacking another victim is as easy as changing a number in a tool or adding a new email address to a list, the only reason not to scale up a campaign is to avoid detection.<\/p>\n Given the low odds of being caught, prosecuted, and convicted, there\u2019s little deterrent for criminals.<\/p>\n The only way that we\u2019ll see less ransomware attacks in 2017 and beyond is if the economics change.<\/p>\n We know that there\u2019s nothing substantial that we can do to reduce the cost of launching attacks. The technology is out there and it continues to improve. What will be effective is reducing the profit that criminals are making from these efforts. The only way to do that is to refuse to pay.<\/p>\n That\u2019s the official recommendation from almost every security company and law enforcement agency, Trend Micro included.<\/p>\n I whole heartedly agree with that position but also understand the dilemma facing people and organizations whose critical data has been encrypted and that they can no longer access.<\/p>\n But looking at the bigger picture, the only way that ransomware will stop is if it\u2019s not a massive profit centre for criminals. If they continue to make millions\u2014if not billions\u2014then there is simply too much money at stake to stop.<\/p>\n How has ransomware impacted you or your business? Let me know on Twitter where I\u2019m @marknca<\/a> or on LinkedIn<\/a>.<\/p>\n53% And Rising<\/strong><\/h3>\n
1 Billion Or More<\/strong><\/h3>\n
Scaling A Criminal Campaign<\/strong><\/h3>\n
No More Ransomware<\/strong><\/h3>\n