April Showers Bring Malware: A Crop of Thorny Ransomware Has Recently Bloomed

Spring is here, and with it all the beautiful birds singing in the morning (I much prefer them to my alarm clock!) and all the neighborhood kids running and reconnecting outside while playing in the yards.  And we cannot forget the buds emerging from the ground and branches.  As the saying goes, April showers bring May flowers, and we will have a bit of rain, I am sure.  However, in the cyberworld, those April showers have brought more than just some flowers in May, as a new crop of thorny Ransomware has recently bloomed.

Like dandelions in a front yard, Ransomware production continues to spread at a rapid rate. Thirtyseven4 has already observed as many new strains of ransomware in the first 4 months of 2018 as it did in all 12 months of 2017 (and 2017 had a record number!).  The reason for the high emphasis on worldwide ransomware planting is simple: it is unfortunately a highly lucrative business, with reports of CryptoWall 3.0 grossing $325 million and estimated total ransom payouts globally now approaching $1 billion.  And those are merely the (estimated) payouts to cyber thieves–there are other pieces and money-makers from the efforts.  Global estimates for damage costs associated with ransomware are predicted to have exceeded $5 billion in 2017 alone.

The numbers associated with these payouts are hard to believe, but if we look back at some well-documented ransomware attacks over the years, we get a glimpse of the reality of those figures.  Early in 2016, it was reported that a Los Angeles hospital system, Hollywood Presbyterian Medical Center (HPMC), paid attackers/hackers $17,000 to regain access to its critical data.  Last summer (2017), the Web hosting company Nayana, located in South Korea, forked over approximately $1 million to recover its data, likely the largest ransom ever paid.  And finally, just months ago, the Hancock Health institute paid over $55,000.00 to decrypt its files.  Statistically speaking, in about one third of reported cases, users are paying out up to $500 to ransomware authors, but in almost 20% of the cases, victims/institutes are paying $10,000.00 or more.  It is also very important to note that paying the ransom does not guarantee that you’ll get your files back.  In fact, in 60% of the cases where money is spent to decrypt files, people do not receive the necessary decryption information back (double whammy!).

Because of the popularity of this topic and these attacks, I spend a sizable amount of time dealing with ransomware and presenting on the topic of ransom payouts for the cybersecurity side of things.  It got me wondering what the largest ransom ever paid for a person has been.  In this context, I suppose we can define ‘ransom’ as the act of freeing someone from captivity or punishment.

My guess is that some of you may recall hearing news of reported ransom stories in the past.  My knowledge on the subject is sheltered and mostly limited to the 1996 American crime thriller movie, Ransom, where Mel Gibson plays the role of multimillionaire airline owner Tom Mullen, whose son is kidnapped for a $2 million ransom.  Let’s see how well your memory fares with some recent ransom-related stories I found in my research:  Patty Hearst, a 19-year-old heiress to the Hearst media conglomerate.  Patty was kidnapped in 1974 and ransomed at the time for $6 million (over $30 million today).  Freddy Heineken, CEO of brewing company Heineken International. Mr. Heineken was released in 1983 on a ransom of approximately $22 million (the equivalent of around $55 million in 2018).  Jorge and Juan Born, wealthy Argentine grain traders. The brothers were kidnapped in 1974 and ransomed for $60 million (equivalent to nearly $300 million today).

Do you have any guesses on what the largest ransom ever paid was?  Any Robin Hood fans out there?  If we consider pre-modern ransoms, arguably the highest dollar value ever demanded for a ransom would have to be the 150,000 marks that Leopold V, the Duke of Austria, commanded back in 1190 for the release of King Richard the Lionheart.  The 150,000 marks may not seem that impressive, but in today’s dollars that is equivalent to $3.3 billion! And even more noteworthy is that the required ransom was over double the annual revenue of England at the time.

Whether we are thinking in terms of ransom as a new emerging cyber threat payment or the physical act of paying off a kidnapper, we think of it in terms of “good” vs. “evil” or “offender” vs. “victim”.   However, we are just one month past celebrating the most defining event in all of history, Easter Sunday and the resurrection of Jesus.  Jesus’ death, burial and resurrection is undoubtedly the costliest ransom ever paid.  John 3:16 reads, “For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.” By God sending his only begotten Son to die for us as a ransom for our sins, God is both the “Captor” and the “Liberator”.

Think about what I just wrote for a minute: God is both the Captor and the Liberator.  God creates us in His own image. Man decides his ways are better than God’s ways.  A perfectly just and holy God can’t simply turn a blind eye to our sins and compromise His justice.  The wages of our disobedience (sins) is death and we must be punished.  God is Just (Captor).  Yet, God is also loving.  Instead of inflicting punishment on us, which we deserve, He provides a ransom: a penalty on Himself through Jesus.  God is merciful (Liberator) without having to compromise His own holiness.  I think about this with such amazement.  Romans 10:9 says, “If you confess with your mouth, ‘Jesus is Lord,’ and believe in your heart that God has raised Him from the dead, you will be saved.”

Many of you may be questioning why I wrote this article this month as opposed to the month leading up to Easter, and that’s a fair inquiry.  The weeks and even month before Easter are filled with activities (i.e., Passion walks and plays, Easter services, Community outreaches, etc.) aimed at preparing our hearts and minds for Resurrection Sunday (and these are all wonderful things!).  But what about after Easter?  I am sure in the coming months, I will be writing more on the latest malicious cyber activity out there.  I can all but guarantee you I will continue to receive and analyze tens of new ransomware samples daily.  Here is my hope for you, and also myself: Easter is more than a special holiday celebrated in late March/early April; it goes beyond that, in that we (hopefully) remember daily the price that was paid for us.  And what will we do with that realization?  When I come across a new and dangerous ransomware (or when you hear or read of these threats), I aspire to not only utilize my God-given talents to reverse engineer and combat the malware, but also to remember the “ransom” that was paid for me.


Thirtyseven4, LLC is dedicated to serving customers with a full palette of security solutions including AntiVirus, AntiMalware, Anti-Ransomware and Zero-Day Threat Protection.