Ransomware: The New Normal?

Not so long ago, in a galaxy near you, hackers made their living by breaking into computer networks to steal information they could use to redistribute the wealth of others to themselves. Things like credit card numbers and bank accounts and social security numbers. But that’s a multistep process. First they had to get the information, usually residing on corporate networks with lots of security barriers. Then they had to finagle a way to use or sell the stolen information, without getting caught, and before anyone discovered the data had been compromised. Seriously, who wants to work that hard? Not the hackers, that’s for sure.

“So what’s an enterprising cyber criminal to do?”

“Oh, oh, oh Mr. Kotter, Mr. Kotter!”

“What is it, Horshack?”

“I know how to do it. Switch from cyberthief to cyberkidnapper. Don’t mess with stolen credit cards, just extort money directly from the person or company that has data they can’t afford to lose.”

“You mean take all their data? How do you do that, Horshack?”

“Well, Mr. Kotter, you don’t actually have to remove the data from the computer; you only have to make it so the owner can’t access the data. You encrypt the data and make the owner pay you to get the key that decrypts it.”

“Horshack, you are an evil genius.”

Horshack is right. In fact, data-napping is so profitable that cyberthieves are increasingly abandoning their old methods in favor of ransomware. In 2015 the FBI estimated that victims who reported ransomware attacks paid $24 million to get their data back. In a January 2017 article, NBC reported the total ransom paid in 2016 was about a billion dollars. In that article, computer security company Symantec estimates 64% of ransomware victims paid the ransom. And antimalware maker Malwarebytes estimates that 60% of all malware observed in 2016 was ransomware.

And it will only get worse, both in the number and the sophistication of attacks. New variants aren’t content to allow the victims to mull over what to do indefinitely. Rather, they apply pressure to pay ASAP by randomly deleting chunks of data as time drags on, or posting personal information, photos, and videos to the web if you don’t pay by the deadline.

Ransomware works equally well against individuals, small businesses, large businesses, hospitals, colleges, police departments, banks, and utilities – any entity that has indispensable data that is not backed up or that must be accessible 24/7/365. IBM did a survey of 600 US business leaders asking what they would do in the event of a ransomware attack. The results illustrate why ransomware is so lucrative. 60% indicated they would likely pay the ransom, with 25% willing to pay as much as $20,000 – $50,000. Of course, the cyber criminals tailor the ransom amount to the victim, aiming at a price point just below the threshold of pain. You might not fork over $30,000 to get all your family photos back. But you might seriously consider paying $300.

Learn how to protect yourself and your business from ransomware because it is the new normal.