Most Notable Ransomware Cybersecurity Breaches of 2017

Ransomware attacks spiked over 6,000 percent in 2016, and they don't appear to be slowing down in 2017. This malicious cryptovirus software either locks screens (locker ransomware) or encrypts files (crypto-ransomware), then demands that victims pay a ransom to regain access to their own data, and most companies pay up. Ransomware is affecting organizations worldwide:

  • In May 2017, the British National Health Service (NHS) reported that multiple UK hospitals had to send emergency patients to other facilities due to a ransomware attack. Ransomware criminals used a program called WannaCry Decryptor, which takes advantage of a hole in Microsoft's Windows operating system. Officials at the medical facilities urged citizens to seek health care only in serious emergency cases. Affected systems and data included phone systems, doctor appointment schedules, emails and patient records. Healthcare IT News said the ransom amount demanded was more than half a billion dollars.
  • The same ransomware strain affected Spanish telecommunication company Telefonica. The program exploits the vulnerability covered by Microsoft security bulletin MS17-010 in the Windows Server Message Block (SMB) service, which is used to share files. The ransomware spreads quickly when employees share files across networks. Telefonica said the attack did not affect services or clients; the malicious software did not get beyond an internal network. Telefonica has until May 15, 2017, to pay the ransom of $300 per computer, which could total tens of thousands of dollars; company officials did not indicate their plans. Other Spanish corporations, including Gas Natural and Iberdrola, urged employees to shut off computer equipment or disconnect it from the internet. WannaCry ransomware also attacked organizations in several other countries.
  • While it makes sense to disconnect computers from the internet, not all ransomware needs a live internet connection to work. In early 2017, cybercriminals using the offline ransomware Dharma affected Racing Pulse, one of the largest horse racing sites in India. Dharma works by sending phishing emails. Once an employee at the targeted company clicks the infected message, it unleashes a virus that affects the company's systems. The company's servers are located in the United States, indicating hackers can attempt ransomware attacks on any system anywhere in the world at any time. It was the third time hackers had attempted to breach the company's security with ransomware. The third attempt succeeded in encrypting every file on the site, forcing the company to cease operations completely for several days.

Cyber-extortion in the past has targeted smaller firms, but these cases show an increase in crimes against enterprise-size companies and multinational brands.