In 2016, we witnessed the explosion of ransomware across the globe as online criminals found it to be a lucrative and efficient business model. Enterprises and consumers alike have had their data encrypted and were often faced with a difficult choice between losing their files or paying up the ransom to get them back, therefore fueling the underground economy.
This large epidemic reaffirms more than ever the need for preventative measures, although those remain underrated or still an afterthought. Unlike with other types of malware, it is very difficult to recover from a ransomware infection because (in most cases) encrypted files cannot be recovered without the key that the crooks used to transform data into gibberish.
In addition to top ransomware families distributed via mainstream spam and drive-by download campaigns, there is much more file-encrypting malware out there, so much so that it is becoming difficult to keep track of it. Indeed, everybody in the cybercrime scene, wannabe malware authors included, wants to have a go at it.
And then, there are those who take pleasure in making ransomware for fun, as if there wasn't enough of it already, or simply to gain (undeserved) attention. Because ransomware is such a hot topic, they know at least one security outlet is going to take the bait and write about it if they can come up with a new theme, be it salacious or racist.
We need to watch out for such attempts and not give them the platform or the time they are seeking. These days, it doesn't take a genius to make some basic ransomware by importing existing code and then uploading it to a virus-sharing site where security products will start analyzing it and release detections for it, even though it may never have been deployed against actual victims.
Instead, we should focus our efforts on ransomware that is widely distributed or represents a real threat. We can't stop individuals from making malware, whatever their intentions are, but we ought to avoid the trap of helping them to spread their message.