Channel: CloudShield Blog » best practices

3 Reasons Why Ransomware Will Not Be the Next Big Thing

An opinion piece

Ransomware, a type of malicious software (malware) designed to block access to a computer system until a sum of money is paid, has been making big headlines in the news lately. It was even reported that a Massachusetts police department paid $750 to have their files unlocked. Ransomware is steadily creeping its way into the consciousness of everyday people due to media coverage and the growing nature of this type of malware.

I recently gave a talk on the basics of malware to 200 non-IT people that covered a broad overview of the history of malware, some of the popular ones today, and tips to avoid being infected. After my talk, someone approached me to ask a very interesting question. He asked, “Is ransomware going to be the next big thing?” I quickly answered, “No”, because the main driver behind this type of malware is economics. Let’s take a look at the reasons why our actions as individuals will affect the economics.

Reason 1: The defense is already in place for most

Ransomware is like the teens in your local neighborhood washing cars to raise money. Each time they wash cars, they raise some amount of money. If people stop paying the ransom when they are affected, then the economic drivers will go away. The biggest reason ransomware victims will not pay is that most organizations and private users are backing up their data. This is because almost all of us have experienced some kind of virus or system malfunction. Those who are not backing up their data only need one bout with ransomware to begin practicing regular back-ups. Therefore, I believe ransomware will not reach the critical mass it needs to become more than an annoyance.

Reason 2: Ransomware and the blue screen of death are nearly the same

When it comes to operating system (OS) dominance, Microsoft has 85% to 95% of the market share. This means that almost everybody has used or is using Microsoft Windows in some form, making it highly likely that users have seen the BSoD (Blue Screen of Death), an experience that has been around since Windows 3.1. As we know, the result of the BSoD is often a total loss of data. This is identical to what happens in a ransomware attack.

Though the BSoD has been around for a while, we have not stopped using Windows; instead, we have increased our use of it, and it is often the standard OS in many organizations. This signifies that users will tolerate a certain level of annoyance and data loss. The BSoD does not make users pay a ransom, but it ultimately reminds many to perform regular back-ups.

Reason 3: Ransomware isn’t new

Ransomware programs are not as new as the media would like you to believe. Like most forms of malware, ransomware has been around for a while and has merely been updated and re-tooled. The AIDS Trojan (first ransomware) was created in 1989 and used symmetric cryptography. This was pretty simple to fix if you got infected and wanted to invest the time. 1989 was over 10 years before any real e-commerce hit the Internet mainstream. As e-commerce grew in the early 2000s, malware like the AIDS Trojan was re-introduced in mid-2006 with worms like Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive utilizing more sophisticated encryption schemes and ever-increasing key sizes.

The new string of ransomware malware is utilizing more sophisticated encryption and is virtually impossible to break. This means that if you get infected, your data is likely gone forever. We must keep this in mind when thinking about the mainstream media; their job is to get page clicks and eyeballs, which means topics like new cyber threats must be spun in an exciting manner. So, when you consider the logic and reasoning, you may come to the same conclusion that ransomware will become obsolete as front page news.

Final thoughts

When users see ransomware through the lens of mainstream media, it strikes fear in their hearts. This causes everybody to gravitate towards calling it ‘the next big thing’ because it drives page clicks. I think this argument falls apart when you examine the economics and how we as users and organizations can affect them. The only way this strain of malware becomes anywhere near as big as anticipated is if people start paying the ransom in mass quantities. This will not happen and bad actors will move on to something else that has more return on investment.

Image: Fotolia.com, Africa Studio
