Ransomware has experienced a meteoric rise over the last two years, and I contend that it is due for a meteoric fall. Here’s why: As unlikely as it may seem, ransomware relies solely upon trust.
Many of the criminals behind ransomware appear to have an “honor among thieves” mindset. There have been countless “successful” transactions where an organization or individual has paid the ransom and been given the private key to unlock their captured data. I have even read of situations where the group that created the ransomware had an informal helpdesk that walked victims through the process of paying the ransom, primarily through Bitcoins. Bitcoin is the preferred method of payment because it is a digital-only currency and is nearly untraceable, since it does not link to a bank account. After getting paid, this criminal helpdesk then assisted their victims with decrypting their data. Unheard of, right? This is where the idea of ransomware gets a little crazy: A victim must place their trust in a criminal, and in many cases, that trust pays off. Often, after paying the ransom, data is restored and each party goes their separate ways.
So here you have this perfect criminal balancing act. Someone’s data gets encrypted, they pay a fee, their data gets decrypted. As long as the victim upholds their end of the bargain (namely giving a criminal a Bitcoin), then the criminal gives the victim a private key to unlock their files. Easy money for a criminal, right? Because it appears to be that easy, many are jumping on the bandwagon. This misguided perception of easy money will prove to be the beginning of the end for ransomware.