Hackers are demanding increasingly hefty ransoms to free computers paralysed with viruses, as cyber criminals seek to maximise profits from large numbers of victims willing to pay up, according to cyber security firm Symantec. The average demand embedded in such malicious software, known as ransomware, more than tripled last year to £840 from £230, and the pricing has continued to rise in 2017, according to Symantec.
“The bad guys haven’t found the top end of what people will pay,” said Kevin Haley, Symantec’s director of security response. The company said 69% of ransomware infections in 2016 hit consumer computers, with the remainder targeting businesses and other organisations. More than a third of consumer ransomware victims around the globe pay cyber criminals to regain access to their data. In the United States, where such attacks are most prevalent, 64% pay. “If six out of ten people will pay your ransom when it’s three hundred bucks, you’re thinking ‘What if I raise it to four hundred? What if I raise to five hundred?'” said Haley.
The surge in cyber extortion has been fuelled partly by the sale of ransomware kits, which sell for £10 to £1,500 on underground markets and make it easy for criminals to get into the business. One kit, known as Shark, lets users name their demand, which its creators collect from victims and pass on to attackers, minus a 20% commission.
Ransomware attacks have increased sharply over the past year, with criminals targeting hospitals, the police and other providers of critical services. US and European hospitals have been forced to divert patients to other facilities when ransomware paralysed computer systems. Local police have been forced to manually dispatch calls, and San Francisco’s public transit system was unable to collect fares for a weekend during the busy Christmas shopping season.