SAN FRANCISCO–As bad as the ransomware problem is right now–and it’s plenty bad–we’re likely only at the beginning of what could become a crisis, experts say.
“Lots of people are being infected and lots of people are paying. The bottom line is it’s getting worse and it’s going to continue to do so,” Jeremiah Grossman, chief of security strategy at SentinelOne, said during a talk on the ransomware epidemic at the RSA Conference here Monday.
“Seven-figure ransoms have already been paid. When you’re out of business, you’ll pay whatever you have to in order to stay in business. You’re dealing with an active, sentient adversary.”
Ransomware gangs have sprung up all over the world within the last couple of years, and many of them have found success quite quickly. The barriers to entry for a ransomware attacker are incredibly low and once he has the infrastructure set up, an attacker can scale his operation almost infinitely. The only real limiting factor to financial success for these attackers is the number of users they can trick into infecting themselves. And that has not proven to be a real obstacle.
Grossman, who has been studying the economics of the ransomware problem, compared the model to that of maritime pirates who have tiered organizations with division of labor and financial backers who help them launder the profits when they’re successful.
“The closest parallel I’ve found is high-seas piracy,” he said. “They need intelligence on targets and a trusted financial system to launder the money. Ransomware is much less risky and it requires much less equipment and upfront costs. You don’t have the risk of getting shot and you can do it from anywhere in the world. And attribution is incredibly difficult.”
The ransomware market seems to be headed in the same direction as real-world kidnapping, where high-profile targets take out insurance policies to pay ransoms. Grossman said it probably won’t be long before the insurance companies latch onto the ransomware game, too.
“The insurance companies are going to see a large profit potential in this. Kidnapping and ransom insurance is still very boutique. This economic model will probably apply equally well to ransomware,” he said.
And, as in physical abductions, the bad guys have all of the leverage.
“Time is on the adversary’s side. They’ll wait you out. They’ll leverage fear and anxiety,” Grossman said. “Do we know how to fix ransomware? Probably. We need to start thinking of this as an economic model.”