“The bad guys are going where the money is,” Weidman said.
Since 2013, more mobile devices have been sold than laptops. Therefore, ransomware is progressing from laptops to mobile devices and IoT devices.
Mobile ransomware hackers could use their skills to change the PIN on a user’s phone, overlay an app on an entire phone screen so that the user can’t do anything else on their cellphone, or use the camera app to take pictures or video of the user and threaten to upload the recordings to the cloud.
Hackers could use the same techniques on any device that has an Internet connection such as connected cars, TVs that have a microphone turned on at all times, and Hello Barbie, Mattel’s new product that connects to a phone app for two-way conversations between the user and the doll.
Weidman said that mobile and IoT ransomware could make people more vulnerable to attack because users are trained mainly on how to handle email attacks.
“No one’s really said anything like don’t click on links in texts, don’t click on links in Twitter, don’t click on links in WhatsApp, don’t click on links in the chat feature of Pokémon Go,” Weidman said.
Ransomware is most commonly delivered by phishing emails, according to Joseph Opacki, vice president of Threat Research at PhishLabs. Ransomware is also delivered by exploit kits and malicious advertising called “malvertising.”
“They’re delivering ransomware to trusted websites or what the user believes is a trusted website,” Opacki said. “It’s relying on the fact that the user is going to believe what is presented in front of them.”
Some malicious ads also have built-in mechanisms to stop security professionals from investigating them. Each day, 90,000 people are directed to a proxy server, according to Craig Williams, senior technical leader and global outreach manager at Cisco Talos.
“The problem with ransomware is that it really has the highest monetary value for our adversaries,” Williams said. “We’re not dealing with hackers in a basement. We’re dealing with hackers with the materials and funding of a nation-state.”
Russian cyber-criminal bosses outsource the distribution of ransomware to low-skilled criminals in order to turn a profit and stay out of the spotlight, according to Lance James, chief scientist at Flashpoint.
“The top-tier Russian criminals hate ransomware,” James said.
On average, the bosses make $7,500 a month, whereas the affiliates make $600 a month, according to James. Sometimes, instead of turning over the encrypted data right away, they’ll demand more money, which is why some cybersecurity companies will encourage users not to pay the ransom if they get hacked.
Ransomware attacks have quadrupled over the last year, according to the Department of Justice. The amount of money demanded by the hackers can range from $500 to $30,000.
“It’s not surprising that ransomware is among the most troubling of cyber threats,” said Edith Ramirez, chairwoman of the Federal Trade Commission.
The FTC has taken about 60 enforcement actions against companies that don’t secure their networks.
“Beyond monetary losses, attacks on businesses have devastating effects on consumers,” Ramirez said. “A failure to patch vulnerabilities might violate the FTC Act.”