The Rise of Ransomware

Lately the issue of ransomware has made it into the news again. Ransomware can be defined as: “A ransomware is a kind of malware which demands a payment in exchange for a stolen functionality” (Gazet, 2008). McAfee Labs (2015) reported that ransomware increased by 165% in the first quarter of this year, mostly targeting small to medium-sized companies. Ransomware has become more effective due to new families named CTB-Locker, Teslacrypt, new versions of TorrentLocker, Bandarchor and Teslacrypt, the improved quality of phishing mails and new techniques to evade security systems.

The act of ransomware can be divided into three phases (Gazet, 2008):

  1. Seek target: document formats like doc, zip, odt etc. are the files most targeted by ransomware, because these files most likely contain personal data.
  2. Extortion: the blackmailer tries to gain power over the owners, who lose access to their information and get their files encrypted.
  3. Display ransom message: finally the blackmailers write a text file in which they ask for money in exchange for the stolen files (Gazet, 2008).

However, last week a big online criminal operation with an estimated worth of $30 million per year through the use of ransomware was taken down. It was Cisco Systems’ Talos security unit that was doing research on the Angler Exploit Kit, a distributor of ransomware that takes over personal computers and their files. It has been the most effective kit in the past year, responsible for up to 40% of ransomware victims (Reuters, 2015).


Although capturing one of the biggest distributors is great progress, there are still other programs out there targeting victims. The main question here is whether to pay or not to pay in case you become a victim of ransomware.

For me, it definitely depends on the importance of the files that have been encrypted. Right now, I don’t have many important documents that I would be willing to pay a sufficient amount for. However, I can imagine that if companies lose crucial files, they would take the risk of paying the ransom.

Nevertheless, it is still recommended not to pay for these files, as there is no guarantee of actually getting the wanted data back. What is your opinion about this topic? And what would you do if you were in this situation: pay or not pay?


Gazet, A. (2010) “Comparative analysis of various ransomware virii”. Journal in Computer Virology, 6(1), pp. 77-90.

Reuters (2015) Cisco security researchers disable big distributor of “ransomware”. Available at: [Accessed 13 Oct. 2015].


One response to “The Rise of Ransomware”

  1. raphaelspaans says:

    Last year I worked for a company in Australia which experienced exactly the kind of attack you described in this article. While I never knew the name of these activities, it is now clear to me it was actually a ransomware attack. However, I wouldn’t agree on the ‘stolen’ part, as the files don’t go anywhere. They are still on your computer, but they are just not usable.

    So let me tell you a bit more about my experience and how my company reacted. To give you some more background, the company I worked for was a company in the horticultural technology industry and had no more than 35 employees. The day it happened was a black day in the office. I arrived at work at the same time as our IT guy. His knowledge of IT processes was no more than above average, but in a company of this scale that still makes you the IT guy. Apparently there was a weird encryption on a file in the ‘Sales’ folder, which couldn’t be opened. Immediately he got called into the manager’s office with the notion to fix it ASAP.

    The first course of action was for everyone to disconnect from the internet to avoid any additional contamination. The second was to call our IT service provider, who sent in a guy who was knowledgeable in this field. So they figured out what the alternatives were, and they were quite straightforward: pay the hackers or kill the virus. They chose the latter option for one obvious reason, which is the fact that you don’t know who you are dealing with. They could’ve removed the encryption, but then target us again any time they would see fit. By the end of the day, around 5:30pm, it was fixed. That day nobody in the office had been productive, since they had no internet connection.

    So how did all of this happen? It turned out that one of our employees, who worked as a welder in the factory, just opened up a link in some email. The welder was perhaps the oldest person in our company, potentially making him less aware of the risks of malware. A single click of his mouse caused the company to lose a day’s work, effectively losing tens of thousands of dollars.

    This experience made me realise two things:
    – Information technology is as fragile as glass. Only one click of a mouse caused all of this and could cause all of this again.
    – The importance of investing in a good IT partner. Without them we would have gotten nowhere that day.
