Security Trends in 2016: The Problem Of Ransomware

Ransomware is a specific type of malware that encrypts important information and keeps it encrypted until the ransom (typically money) has been paid.  Until very recently, ransomware was not a widely-used type of malware, but it has absolutely exploded in popularity in the past few years.  SonicWall reported 3.8 million ransomware attacks in 2015 and then 638 million attacks in 2016!  That 167 times just one year.  If ransomware is growing this quickly, then it's fair and responsible to talk about it and figure out what to if you ever get attacked with it.

Ransom (noun):  money that is paid or demanded for the release of someone or something from captivity

The following graph shows various examples of ransomware over time.  Notice the concentration in the past few years.  This shows that many attackers are focusing their coding efforts on ransomware, and would-be criminals have a seemingly endless selection from which to choose.  


Why the sudden rise in ransomware, you ask?  Great question.  The answer: it works, and it's lucrative.  In 2016 alone, an estimated $1 Billion was paid out in ransomware fees.  Ransomware has always been a technical option for attackers (it's not entirely hard to plant malware on someone's computer and encrypt a bunch of their files), but the main problem rose out of the payment part of the ransom.  In years past, attackers didn't have a convenient and reliable way to anonymously accept ransom payment.  But now, they have a very easy way to conduct anonymous financial transactions's called Bitcoin.  Bitcoin plays a huge role in ransomware because it is both anonymous and popular as a form of online payment.  Before Bitcoin, it was nearly impossible to accept payment for the ransom without getting caught.  Now, you can exchange money via Bitcoin and no one can track it.  Since anonymous payment options are available and ransom malware is easily accessible, ransomware has become a very popular tool for attackers.  

When a person or company is the target of ransomware, the fundamental decision of that person or company centers around the payment of the ransom.  Do you pay or not?  If you don't pay, you definitly won't get your data back.  Of course, even if you do pay, there's no guarantee that you'll get your money back.  In 2016, less than half of all companies that were attacked actually recovered all of their data.  It's good to discuss these decisions prior to getting attacked.  Here are some recent examples of companies that were attacked and chose to pay the ransom: 

I could go on with many more examples, but you see the point.  Ransomware attacks are on the rise, and you need to be prepared for one.  In just about every one of these cases, the ransomware was planted via a malicious file attached to an email or website.  The old idea of "don't open suspicious attachments" and "don't click on suspicious links" still completely rings true today.  It's also a great idea to have backups of all your data and those backups should be stored in a way that makes it difficult for the ransomware attackers to attack the backups if/when they successfully breach your network.  Finally, if you ever fall vicitim to ransomware, call the FBI so they can try to decrypt the data and chase after the attackers...although they might tell you just to pay the ransom.

Published Feb 10, 2017
Version 1.0

Was this article helpful?


  • Harry1's avatar
    Icon for Nimbostratus rankNimbostratus

    Nice article Jhon. could you please let me know is there any component or future would be in F5 bucket to protect with these types of attacks?


  • Hi Harry! Like most malware attacks these days, it all starts with end users who follow safe practices when clicking on links, opening email attachments, etc. But, there are also some great products out there that help with this problem as well. The BIG-IP Secure Web Gateway is a great tool you can use to help end users stay safe. Here's a link to find more information: