Experts worried about ransomware hitting critical infrastructure

Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data -- by shutting down entire computer systems to utilities or factories.

“I see no reason for ransomware to stop,” said Neil Jenkins, an official with the U.S. Department of Homeland Security. “It’s shown to be effective.”

On Monday at the RSA cybersecurity conference, experts gave a grim outlook on the future of ransomware, which they fear will spread. Through the attacks, cybercriminals have already managed to rake in US$1 billion last year, according to at one estimate.

The computer infections work by first targeting the victim’s data, and encrypting it. The ransomware will then threaten to delete the data, unless a payment, usually in bitcoin, is made.

However, a key concern is that ransomware will start targeting critical infrastructure, said Jenkins, the director of the DHS enterprise performance management office.

He pointed to the recent example of an Austrian hotel hit with ransomware that took out its keycard system for the hotel doors. Future ransomware attacks might try to lockdown control systems for a water utility, threatening its operations, Jenkins said.

“I worry that’s going to be the next step,” he said.

Too many important computer systems are also connected to the internet when they shouldn’t be, said Gal Shpantzer, CEO of Security Outliers. Small businesses are also failing to properly segregate their computers from other processes, like a factory assembly line, he said. When a ransomware infection hits, it has the potential to shut down the entire operation.

“That’s where ransomware is going to go,” Shpantzer said. “I think it’s inevitable. People are going to be injured or lose their life. This is starting to affect things that shouldn’t be on the internet, or are physically moving.”

The hackers behind ransomware infections are also demanding higher and higher payments, some times over $40,000, said Jeremiah Grossman, chief of security strategy at SentinelOne.

There have even been a few ransomware cases where victims had no choice but to pay over seven figures to recover their system, Grossman added, declining to provide details.

“Bottom line, it’s getting worse out there, and it will continue to do so,” he said.

Ransomware infections are already harassing small and medium businesses, according to Robert Gibbons, CTO at security provider Datto. His company conducted a survey that found 60 percent of its partners have experienced one to five ransomware attacks in the last year.

The remainder had experienced over five attacks.  “Ransomware is still an epidemic,” he said.

Experts recommend that businesses and users frequently back up their data and also test to those backups to make sure they work. Security vendors have also published tools that can free computers from some ransomware infections.  

When an attack hits, victims may be tempted to pay the hackers the ransom. But Gibbons warned that one out of four times, the hackers still declined to decrypt the victim's data, despite receiving payment.