It was just two days before the Thanksgiving holiday when 40-year-old Alina Simone, a Brooklyn, N.Y., musician and writer, received a frantic phone call.
It was her mother, and she was being "held hostage." Digitally speaking...
With panic in her voice, Simone's mother read the stark message displayed on her computer screen.
"Your files are encrypted," the message stated. "To get the key to decrypt files you have to pay $500. If you fail to pay within a week, the price will go up to $1,000. After that, your decryption key will be destroyed and any chance of accessing your files - all of your data - will be lost forever."
The message was signed "Sincerely, CryptoWall."
More than 5,000 files - irreplaceable family photos, critical work documents, life-sustaining bank statements, and other sensitive information - were now in the hands of cyberthieves.
Hysterical, and uncertain what to do, the Simones capitulated and paid their captors nearly $600.
Welcome to the new digital horror known as ransomware - a cyberthreat so colossal that security specialists are now classifying it as an "epidemic."
That's not hype.
It's a fact.
And I can prove it.
Better yet, I can show you how you can turn the tables, protect yourself, and then cash in big on this new threat - immediately
But before I show you how to do that, let's take a closer look at how ransomware has grown to epic proportions.
They're Calling This the "Hackerpocalypse"
I've been talking about the hacking threat facing the United States with my paid-up subscribers since the very launch of Private Briefing.
Three years ago, I told them that Russia was using Ukraine as a "hacking testing ground" - and would be turning its cyber weapons on the United States very soon.
I was right on both counts.
Since I made those predictions, we've all read how China has swiped the specs for all the top U.S. weapons systems. And right now - even as we talk here - American news organizations are detailing Russia's alleged efforts to hijack the U.S. election.
I'm recounting these predictions not to boast (well, okay, maybe a little), but rather to build credibility so that you'll also take seriously my warning that the ransomware threat is going to escalate mightily in 2017.
In concept, ransomware is deceptively simple - in essence, a form of "digital extortion."
After tricking the victim into clicking on an innocent-looking (but stealthily malicious) link or attachment, the ransomware software encrypts files and displays a message with instructions on how to recover them.
As we saw with the Simones, recovery of those files is almost always predicated on a payoff - in dollars, or, more often, in Bitcoin.
But it's not just families being targeted.
[mmpazkzone name="in-story" network="9794" site="307044" id="137008" type="4"]
Over the past few years, cyberthieves have focused on much bigger targets - like banks and hospitals... institutions that can't afford to be parted from their data.
In February, a Los Angeles hospital, Hollywood Presbyterian Medical Center, paid hackers $17,000 to recover files after the hospital was denied access to much of its computer system. Doctors' orders, payroll, and patient transfers had to be logged manually.
The hospital was forced to declare an "internal State of Emergency."
In another case in April, the NASCAR team Circle Sport-Leavine Family Racing (CSLFR) paid $500 to recover files. You see, days before CSLFR planned to field Michael McDowell at the Texas Motor Speedway, ransomware locked down their critical data: chassis information, wind-tunnel spreadsheets, simulations, track data, test facility data, personnel information, car part lists and, according to Catchfence, “custom high-profile simulation set-ups valued at $2 million.”
And, most recently, ransomware stole headlines again after the University of Calgary was forced to hand over $20,000 after the school's computer systems were hijacked for nearly two weeks.
While this is just a small sample of the recent ransomware attacks to plague businesses, they prove one thing: Ransomware has the potential to become Public Enemy No. 1 for corporations.
In its 2016 cybercrime report "Hackerpocalypse: A Cybercrime Revelation," Herjavec Group, an information-security firm based in Toronto, said total cybercrime costs will soar from $3 trillion in 2015 to $6 trillion in 2021.
Among the key catalysts:
- Increased nation-state cyberthreats
- The growing "attack surface" - thanks, in part, to the proliferation of connected devices
- The shortage of cybersecurity "talent"
- The lack of adequate "awareness" training for employees
- And new threats - including ransomware
And the ransomware threat, specifically, is accelerating.
A Billion-Dollar Business - and Growing
According to the FBI, ransomware was on track to become a $1-billion-year criminal enterprise in 2016. Indeed, in the first quarter alone total ransomware payouts reached $209 million - up from $24 million for all of 2015.
Look, I know how mind-numbing big numbers can be.
So let's look at this threat from a couple other vantage points.
According to the U.S. Department of Justice, ransomware attacks have quadrupled since last year, coming at a rate of 4,000 a day. And the FBI says that the cost per incident is zooming, too - from roughly $10,000 per attack in 2015 to $333,000 now.
Increasingly, these cyber extortionists are targeting companies, says Marcin Klecynski, CEO of the cybersecurity company Malwarebytes Corp.
"In the last six to 12 months, [ransomware] has gone aggressively after the business environment," Klecynski said. "We see companies from 25 people all the way to 250,000 people getting hit with ransomware."
With a cyber epidemic this severe, there is a two-pronged defense strategy you can use to protect yourself.Today, most victims come from the healthcare sector, with more than 30% of all ransomware attacks targeting healthcare firms, followed by educational organizations (17%) and government sectors (16%).
The first, which I'm going to tell my subscribers more about in an upcoming Private Briefing report, is prevention. Being able safeguard your family from ransomware thieves is not only a hot-button issue - it's also a lucrative-and-growing market.
The second takes a more offensive approach: removal.
Cyberthieves are notorious for flipping the script when it comes to hacking. That's why when you look at a colossal cyberthreat like ransomware perpetrators, it takes more than just prevention to keep them at bay.
You need to understand the tools companies and individuals use to battle the threat. And you need to know which cybersecurity firms sell those tools.
Do that and you'll have found a way to cash in on the ransomware spending cycle that's going to ramp up this year.
This Is Simply the Best All-Around Profit Play Here
One of the challenges facing cybersecurity investors is the constantly changing "threat environment." New threats demand new solutions. And very often the cyber player that's "hot" in one environment because of its offerings is "replaced" by a different player in another.
Our ransomware play sidesteps that risk of being "out of step" with the market - by investing in a broader basket of cybersecurity stocks. Indeed, this recommendation is the PureFunds ISE Cyber Security ETF (NYSE Arca: HACK).
HACK is one of those "best of both worlds" profit plays. It lets you stake a claim to the high-growth cybersecurity market. And because you invest in a basket of stocks, it will "smooth out" some of the near-term volatility - and the risk of failure - that accompanies a single-stock investment.
And it should also let you sleep a bit better at night.
HACK benchmarks the ISE Cyber Security Index, "which tracks the performance of companies actively engaged in providing services for cybersecurity and for which cybersecurity business activities are a key driver of their business model. These cybersecurity services are designed to protect computer hardware, software, networks, and data from unauthorized access, vulnerabilities, attacks, and other security breaches," says PureFunds, which markets the ETF.
HACK holds about two dozen stocks - most of them smaller-cap firms with high growth potential. Some of the top holdings include...
- Vasco Data Security International Inc. (Nasdaq: VDSI), a Chicago cybersecurity firm whose stock we recently recommended.
- Palo Alto Networks Inc. (NYSE: PANW), another company whose shares we are looking at.
- Fortinet Inc. (Nasdaq: FTNT)
- Radware Ltd. (Nasdaq: RDWR)
- Symantec Corp. (Nasdaq: SYMC)
- FireEye Inc. (Nasdaq: FEYE)
Expect the Good Guys and the Bad Guys to Innovate
Now, I've recommended several other cybersecurity players to my paid-up subscribers. And I hope you join them - because this is a threat, and an investment "sector," you just can't ignore.
Like I said, ransomware became a billion-dollar "enterprise" last year. Here in the new year, ransomware assaults will grow in both number and complexity.
Indeed, as Wired reported in a story published earlier this week, this year "ransomware attacks are going to get bigger in every possible sense of the word."
This is a truly diabolical problem. Want an example of just how "extreme" this threat could get?
Check out this additional passage from the magazine story.
"A recent ransomware version called 'Popcorn Time'... was experimenting with offering victims an alternative to paying up - if they could successfully infect two other devices with the ransomware," the magazine reported. "And more innovation, plus more disruption, will come in 2017."
More ransomware attacks can only translate into more business for the firms that prove they can blunt the threat. That makes this a niche tech investors absolutely want to have money on in 2017.
About the Author
Before he moved into the investment-research business in 2005, William (Bill) Patalon III spent 22 years as an award-winning financial reporter, columnist, and editor. Today he is the Executive Editor and Senior Research Analyst for Money Morning at Money Map Press.