CNN Money reports about new estimates from the FBI that show the costs of ransomware have reached an all-time high this year. Threat actors made $209 million in the first quarter of 2016 by extorting businesses and institutions to decrypt files and systems.
Holy Schmoly, at that rate, ransomware is on pace to be a $1 billion a year crime.
The FBI told CNN that the number "is quite high" because a few people "reported large losses." The agency also said that the losses could increase when related costs from these crimes are factored in. Also, some victims pay the ransom but, if they are not required to report the crime, choose not to do so in order to keep their name out of the press.
In one case, a South Carolina school district paid an estimated $10,000 in ransom to the hackers that attacked their network. You may also remember in February when Hollywood hospital paid a ransom in Bitcoin of over $16,000.
Those relatively small amounts are the norm because they encourage companies and institutions to pay up as soon as possible to regain control of their computers rather than lose time and money trying to restore backups that could ultimately fail. This is especially true in the healthcare industry, where systems need to be back up and running as soon as possible or it could literally be a matter of life and death.
"The ransomware criminals understand this," said Paul Roberts, founder and editor of a website called The Security Ledger. "Their business in some ways is a volume business so they don't set their ransom so high that you can't pay it. They set it at a level so they can get their money and move on to the next victim."
Roberts said that many cyber-criminal groups operate out of Russia and the former Soviet republics in Eastern Europe. We do not have any jurisdiction there and their law enforcement does not cooperate with ours, making it extremely difficult to catch these guys. Combine that with ransom being paid using the untraceable Bitcoin currency and you can see why this is such a wildly successful criminal enterprise.
This is why you should always think before you click on what could turn out to be a social engineering email that infects not just your computer, but your entire network.