An Austrian hotel lost control of its door locks, keeping new guests stranded in the lobby. A police department in Cockrell Hill, Texas abandoned years of video evidence and digital documentation. In Washington, DC, the police couldn't access its CCTV footage storage system days before Donald Trump's inauguration. All of this news came out in the last week, stemming from a rapid escalation of how ransomware is deployed. And it's only going to get worse.
Ransomware has existed in various forms for over a decade. In a classic ransomware scenario, malware storms your computer, encrypts your data, and won't give you the decryption key unless you pay a fee, usually in Bitcoin. Variations involve holding specific equipment, like your keyboard, hostage until you pay the ransom. But over the last 18 months, ransomware attacks have increasingly targeted large organizations and systems rather than individuals. One big payout from a group that can afford it beats stringing together lots of small payments from individuals. At this point, ransomware attacks are a $1 billion-per-year business. And, more importantly, the trend is creating collateral damage like never before.
"My prediction going forward is that we're not only going to see ransomware focused on data, we'll see more ransomware focused on other ways to disrupt a business." says Marcin Kleczynski, CEO of the cybersecurity defense firm Malwarebytes. In its own way, ransomware is not dissimilar from other types of cyberattacks, which have increasingly targeted corporations with large databases of consumer info—think of how many times you've had to change your passwords and credit card numbers lately—over one-off consumer grabs.
"That's really a huge change, that ransomware is actually ransoming back the ability to do business," says Jack Danahy, CTO of cybersecurity firm Barkly.
More than half of corporate ransomware attacks start with an employee using an enterprise device for personal tasks, according to a joint survey by the cybersecurity firm Carbonite and The Ponemon Institute, an independent research group. Forty percent of corporate victims in the same survey said that ransomware spread across devices in their networks. Sometimes, all it takes is one person's errant click to take down an entire system, especially if ransomware has circulated and can activate on many devices at once.