2016 is the year ransomware will wreak havoc on America’s critical infrastructure community. New attacks will become common while unattended vulnerabilities that were silently exploited in 2015 will enable invisible adversaries to capitalize upon positions that they have previously laid claim. “To Pay or Not to Pay”, will be the question fueling heated debate in boardrooms across the Nation and abroad.

Ransomware is less about technological sophistication and more about exploitation of the human element. Simply, it is a digital spin on a centuries old criminal tactic. Early in the evolution of structured path systems, the most direct roadways that connected civilization were predominantly used by more privileged members of society and armies. Eventually those who could afford horses or carriages used the roads to travel and merchants used the roads to transfer their wares. Both parties had the money of their birth or labors. Consequently, the roadways became prey to travelling footpads referred to as highwaymen. Modern stories have romanticized these figures into gentlemen thieves who shouted slogans such as “your money or your life” prior to robbing their prey.

The culprits were ransoming their prisoners with a choice. Either pay a “travelers fee” or suffer the consequences imposed by a masked adversary. Provided that the thief was honorable enough to allow his victims to live, authorities had a difficult time investigating the crimes and apprehending suspects because the adversaries were mobile. Consequently, culture had to adapt in response to the threat in order for any meaningful change to occur. Carriages began employing guards. People began travelling in groups and travelling at reasonable hours.

As roadways became more traversed, highway crime decreased because the risk of getting caught began to outweigh the reward. The internet is not unlike the aforementioned roadways. Initially, only a privileged few such as security researchers, the military, and a rich few, had access. Attackers could have made money from exploiting the sparse number of victims, but it was not until a greater influx of unwary victims began moving about that real profit could be realized. Ransomware threat actors adopt the highwayman mentality by threatening the lifeblood of their victims – information – and boldly offering an ultimatum. Despite recognition of the threat, the adversaries remain a numerous and nebulous bunch.

Law enforcement has neither the time nor the resources to track down the culprits. Only a societal cybersecurity reformation in user awareness and training will deter the attackers. Security firms like Kaspersky, Covenant Security Solutions, Forcepoint, GRA Quantum, Trend Micro and Securonix predict a dominant resurgence of ransomware attacks in 2016. Already, healthcare organizations, who were previously off-limits targets among ransomware threat actors, have been brutally and relentlessly targeted with inbound attacks intent on leveraging patient lives against the organization’s checkbook. This shift may be largely backed by the more sophisticated Advanced Persistent Group Threat actors who are entering the stage because ransomware attacks are under-combated and highly profitable.

According to Brian Contos, ICIT Fellow and VP & Chief Security Strategist at Securonix, attackers are pivoting to ransomware because “[It] is a volume business. It’s simple, relatively anonymous and fast. Some people will pay, some will not pay, so what. With a wide enough set of targets there is enough upside for these types of attacks to generate a steady revenue stream.” Ransomware has been 4 around since 1989 but its popularity decreased in favor of other malware because the number of internet enabled victim devices was not exceptionally beneficial to the adversary’s profit margin. Now, with prevalence of mobile devices and the looming shadow of the internet of things, the potential threat landscape available to ransomware threat actors is too tantalizing a target to ignore.

Danyetta Fleming Magana, ICIT Fellow and President and Founder of Covenant Security Solutions elaborates that “The world is a living and breathing digital planet, and over the past decade is has accelerated into a gorgeous global information field. The internet remains the single most common vehicle for billions of communications and business transactions on a daily basis.

As new technology becomes available, more and more people and businesses will be connected to the internet in a variety of ways, making most of them prime candidates for a cyberattack.” Society now relies on constant access to the vast stores of data gathered from constant communication of people, devices, and sensors. Information security specialists and the technical controls that they implement must become adaptable, responsive, and resilient to combat emerging threats.