Tech Group: ‘2016 Will Be the Year Ransomware Holds America Hostage’

Barbara Hollingsworth | March 9, 2016 | 4:35pm EST
Ransomware mimicking a message from law enforcement. (YouTube)


“2016 is the year ransomware will wreak havoc on America’s critical infrastructure community,” warned a new report released Wednesday by the Institute for Critical Infrastructure Technology (ICIT).

 “’To Pay or Not to Pay’ will be the question fueling heated debate in boardrooms across the Nation and abroad,” predicts ICIT, a non-profit, non-partisan group that acts as “a conduit between the private sector, federal agencies, and the legislative community.”

Ransomware is a cyberattack that holds a victim’s computer system for ransom by encrypting data files or completely locking it down. Cybercriminals then demand a ransom for the decryption key, threatening to destroy the data if the victim does not comply.

“Ransomware is rampant,” ICIT reports, with some attacks posing as bogus law enforcement announcements.

Businesses, healthcare organizations, and educational, religious, and financial institutions have all been victims of ransomware, which is often accompanied by denial of service attacks that cost victims an average of $500 per minute, notes the report, which was co-authored by ICIT senior fellows James Scott and Parham Eftekhari.

Even police and fire departments have been targeted. 

 “Victims have to make a very difficult decision. Either pay the ransom without knowledge of who receives that money and what further harm is done with it or lose all of their data behind a layer of encryption… In numerous cases, organizations tend to pay because, for them, every minute of downtime directly equates to lost revenue.”

Last weekend, ransomware called KeRanger demanded that owners of Macintosh computers pay one bitcoin (about $405) to unlock their computers.

KeRanger, the first “fully functional” ransomware to infect Macs, was spread via Transmission, a popular open source information sharing network used to download software, music and videos. It first appeared on March 4, but was successfully shut down two days later after infecting about 6,500 computers, Forbes reported.

“Ransomware threat actors adopt the highwayman mentality by threatening the lifeblood of their victims – information – and boldly offering an ultimatum,” the ICIT report stated, adding that “a small team can easily infect and ransom millions of systems. The attackers only need a few users per million of targets to pay ransom for the campaign to be successful.”

The ICIT report warns that “mobile devices, personal computers, industrial control systems, refrigerators, portable hard drives, etc.” are “not secured in the slightest against a ransomware threat.”

“With [the] prevalence of mobile devices and the looming shadow of the internet of things, the potential threat landscape available to ransomware threat actors is too tantalizing a target to ignore,” it pointed out.

The FBI, which has set up an Internet Crime Complaint Center, also warns that the use of ransomware “is on the rise” and lists a number of ways Americans can protect themselves.

But ICIT points out that “law enforcement has neither the time nor the resources to track down the culprits,” citing a February attack on the Horry County, S.C. school district, which paid hackers nearly $10,000 to decrypt 25 servers “after an FBI investigation yielded no alternative action.”

The report also quoted Joseph Bonavolonta, head of the FBI's CYBER and Counterintelligence Program, who said last October: "To be honest, we often advise people just to pay the ransom."

“Organizations should protect their networks as if it was a castle under siege,” the tech group urged, because “no security vendor or law enforcement authority can help victims recover from these attacks.”

ICIT has also published “Know Your Enemies” – “a primer on advanced persistent threat groups” in numerous foreign countries that are targeting Americans, including China, Russia, Iran, North and South Korea, Syria, France and Israel.
