How to stop ransomware

Cyber extortion by means of ransomware or DDoS attacks has grown tremendously over the course of just several months. Black hat hackers now utilize encryption technologies to monetize their viruses. Criminals found that stealing data is not as profitable as encrypting it. They infect computers, lock all files and ask for ransoms to be paid in digital moneylikeBitcoin. Security experts say ransom Trojans cipher files so strongly that they can only be decrypted with the help of secret keys that the perpetrators possess.

The offenders target all of us: individuals, non-government organizations, businesses, governments. They calculate the ransom sum depending on the target. Individuals usually have to submit 400 USD, while organizations like the recently compromised Hollywood hospital are forced to pay much more. Victims have two choices – lose data or pay. In most cases they end up paying to criminals, and this gives a boost to the cyber extortion market.

Hospitals, critical infrastructure entities, and police departments are very vulnerable. Files on their computers are precious. From the purely economic perspective, it is many times cheaper for organizations to pay hackers once in a while than prevent ransomware by investing in cybersecurity. Even the FBI people suggest to pay. The FBI is pretty much helpless at this point. The encryption is strong, and the cybercriminals are all oversees, usually in Eastern Europe and Russia.

Abandoned by law enforcement and security experts, the ransomware business is becoming a serious threat. A single virus called Cryptowall reportedly earned its operators more than 325 million dollars in ransoms. Meanwhile, people's lives are in danger when surgeries get postponed in hospitals paralyzed by these plagues.

Cyber extortion should be made unprofitable to stop this epidemic. Victims should stop paying. This can be done by improving legislation and policies. Paying ransoms should be treated as funding criminals/terrorism and therefore considered illegal.

Pros of making ransom payments illegal:

Psychologically, knowing that something is illegal is a big restraining factor.

Economically, huge fines can be imposed for paying ransoms. This will raise the cost to a whole new level, much higher than criminals demand. From the economic point of view, using security solutions and introducing security training - which is not cheap - will still be cheaper and cost-effective.

Potential victims will take their security posture more seriously, protecting their own and, more importantly, their clients' data.

A poll proved people support more the initiative to make ransom payments illegal. And yet, there are still a lot of people who object, so, actually it's a serious question.

Paying ransoms is already illegal in many countries.

• Easy money will push more criminals to engage in ransomware activities, causing a snowball effect and more attacks.
• Ransom demands are growing. Criminals ask for millions already.
• By quickly agreeing to pay you just prove you are an easy target and can be infected again.
• By paying you simply get your files back. Even if you remove the virus you cannot be sure there is no backdoor left. Remediation is not cheap for businesses; they still have to rebuild the whole network from scratch to make sure all is clear.
• A real-world example: terrorists clearly figured out which governments pay ransoms for their citizens. Of about 53 hostages taken by al-Qaeda and its affiliates from 2009 to 2014 most were Europeans, while only 3 were Americans. This might be seen as evidence that the logic behind America's policy of not paying is sound.