Why ransomware continues to dominate conference agendas, despite being ‘old news’

A lot of smart people in the security world say it’s old news. Nothing more to see here, move along. And yet ransomware is a topic that won’t go away.

It has dominated our coverage here at Naked Security in recent months and was a major focus of RSA Conference 2017 in February. Today and tomorrow, it’ll be on the agenda at SOURCE Boston 2017.

The reason is simple: the bad guys continue to claim countless victims daily, many of whom pay the ransom because they feel they have no choice.

SOURCE Boston 2017

Andrew Hay, co-founder and CTO of LEO Cyber Security, will give a talk today at 1:15 pm ET called “The Not-So-Improbable Future of Ransomware”. It’s a subject he’s spent a lot of time on. During RSA, he helped run a day-long seminar on it.

During today’s presentation, he’ll outline the evolving parallels between ransomware and traditional kidnap and ransom tactics (K&R) and doctrine:

As a perpetual student of history, I immediately noticed similarities between K&R and ransomware methodologies and the rate at which common tactics were appearing in ransomware campaigns. Ransomware campaign operators are simply taking what has worked before and applied it to the computerized world.

Perhaps the biggest difference is the anonymity afforded to ransomware campaign operators through the use of cryptocurrencies, anonymized communication services, and a target-rich, internet-using population, he said. SOURCE Boston will have a ransomware panel on Thursday moderated by Paul Roberts, editor-in-chief and founder of Security Ledger.

Old but persistent

Ransomware is indeed an old topic in information security circles. Attackers have been hijacking computers and holding files hostage for years now, typically demanding that ransom be paid in bitcoins. Some might expect that most people are well aware of the threat by now and that they’re taking the appropriate precautions. It’s therefore reasonable to assume that online thieves have moved on to new tactics.

Unfortunately, that’s hardly the case. Naked Security has continuously followed cases of individuals and companies falling victim to it. Most recent examples include:

Defensive measures

Ahead of the SOURCE Boston talks, it’s worth passing along our usual resources to combat ransomware.

First, some things people can do to better protect themselves from this sort of thing:

  • Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Be cautious about unsolicited attachments. The crooks are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
  • Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. In the case of this attack, users want to be sure they are using the most updated versions of PDF and Word.
  • Use Sophos Intercept X, which stops ransomware in its tracks by blocking the unauthorized encryption of files.


Other links we think you’ll find useful:

Techknow podcast — Dealing with Ransomware:


(Audio player above not working? Listen on Soundcloud or access via iTunes.)