A couple of weeks ago I was enjoying a business breakfast with a client when things turned bad for him. It seems it was a bad omen to talk about the challenges he was facing with regards to IT security since as we were talking, he received a text message from his staff informing him that they were hit with CryptoLocker. CryptoLocker encrypts a victim’s documents and demands a ransom for the decryption key usually paid in bitcoins. In its Internet Security Threat Report 2014, Symantec “…noticed a significant upsurge in the number of ransomware attacks during 2013. During January Symantec stopped over 100,000 infection attempts. By December that number had risen more than six-fold.”
Not only it is it not a myth, it has become so widespread that according to the same report, “attackers have concluded that US$100 to $400 is the optimum ransom amount, and they will move to adjust their demand to avoid pricing themselves out of the market” and so my client was asked a 500$ ransom. Luckily for him he chose not to pay and opted instead for backups and cleanups as our friends from SourceFire has let us know that once you pay, you are being put on a list of people that are nice enough to pay the ransom, and therefore become subjected to further attacks.
Even though ransomware does not make up a huge percentage of overall threats, it is not a myth as my personal experience shows; and despite working for a company that has the expertise to help with the cleanup operations it is not in such circumstances that I enjoy being introduced the new clients.
Charles Tremblay, ESI Account manager