A California hospital recently had its patients’ records held hostage. But the perpetrators did not commandeer a room full of paper files. They were in fact hackers who restricted access to the electronic records and demanded a ransom of $17,000 in Bitcoins in exchange for stopping the attack.

This was the most recent example of ransomware, a form of extortion where hackers use malware to remotely take control of a computer or network–either by locking the computer or encrypting your files–and deny you access to your information. And the only way to remove the restriction is to pay a ransom, which the California hospital did.

We asked two Northeastern professors–cybersecurity experts Engin Kirda and Guevara Noubir–to explain what has spurred the recent ransomware attacks and what you can do to keep your information safe.

Why is ransomware becoming more prevalent and how has it evolved over the years?

College of Computer and Information Science professor Guevara Noubir. Photo by Brooks Canaday/Northeastern University

Noubir: Ransomware malware has been around since the late 1980s. Concepts underlying public key crypto-based ransomware were conceived as an effective money extortion mechanism in the 1990s. The emergence of privacy infrastructure, such as the anonymity network Tor, and cryptocurrencies, such as Bitcoin, makes it possible for an adversary to commit such cybercrimes and get away with it.

How is ransomware impacting cybersecurity?

Noubir: Recent ransomware novelty lies in the anonymous monetization/payment-exchange method. This is still not well studied but the rise of the attacks is driving the implementation of traditional security measures from awareness and policies to secure platforms and tools.

Kirda: Ransomware is not special. In the general cybersecurity landscape, it is yet another scam and means for using malicious code for making money. In fact, I would claim that no security professional has been surprised by the advent of ransomware because conceptually it uses very similar techniques as traditional malware to infect and spread.

Who is most likely to be a victim of ransomware and why? Do attacks tend to be more random or are victims specifically selected?

Noubir: Victims are similar to traditional malware. While in the past extortion typically targeted companies and organizations, digital currencies are making it easier to automate against average users.

Kirda: The people who become victims of ransomware are also typically the victims of other types of malware as well. In most cases, ransomware attacks are random, but there might be a reconnaissance phase in some of the attacks where the attackers may choose to explore a potential target before launching something more large-scale.

The latest ransomware attacks against hospitals, for example, seem to have had a component that was targeted to a certain degree. Note that this fact, though, is also typical for any type of malware attack.

What are some best practices people can adopt to avoid being victims of ransomware?

Engin Kirda, a professor in the College of Computer and Information Science. Photo by Brooks Canaday/Northeastern University

Kirda: Ransomware attacks the victim’s data. People pay up because they are afraid they will otherwise lose their information. A good defense mechanism is to make sure to always have current, remote backups. The cloud, for example, is a good place for backups for most users.

Of course, if a victim is not infected in the first place, it would be ideal. Organizations and users need to make sure they have current defenses in place and users need to learn not to open suspicious files or click on suspicious URLs.

Why are the ransom demands typically made in Bitcoin? Why not demand currency?

Noubir: It is difficult to trace Bitcoins because they are typically shuffled using online mixing services.