Ransomware: Are You Paying Attention?

If the news about ransomware in recent weeks hasn’t gotten your attention, then maybe the fact that its threat magnitude has grown 35X over the past year will jolt you into a state of awareness. Further, ransomware isn’t a threat confined to just a few industries or geographical regions; it is a global problem facing organizations—and even individuals—of all shapes and sizes.

The Magnitude of the Threat

Upwards of 4,000 ransomware attacks happen daily, infecting between 30,000 and 50,000 devices each month. The financial implications are skyrocketing. Ransom payments shot up from $24 million in 2015 to over $850 million in 2016, a number that most certainly will surpass $1 billion this year. The amount that criminals are demanding per attack is going up as well—more than doubling from $294 in 2015 to $619 in 2016.

Yet, the biggest threat from ransomware isn’t in the payment demands. It’s in the business impact. An astounding 20 percent of companies that have experienced a ransomware attack were forced to shut down their businesses. 63 percent of organizations indicate attacks led to business-threatening downtime. 48 percent said it resulted in the loss of data or hardware. And for those who acquiesced and paid ransom demands (42 percent of those affected admit they did so last year), one in four still never recovered their data. Additionally, with attacks increasingly targeting critical industrial control systems and healthcare infrastructures and devices, 3.5 percent indicated last year that lives were put at risk because of an attack. These are some scary numbers.

Digitization, the Cloud, and Ransomware

The linchpin for most ransomware attacks today is data. As companies digitize more of their assets, transition to a consumer-driven digital business model, and move more services to the cloud, the data target expands in scope. This has clearly not gone unnoticed, as cybercriminals are increasingly targeting this data. They infiltrate IT systems through hacks and then encrypt, lock, and exfiltrate files. They shut down operations and/or threaten to release private and confidential information. And with the emergence of Internet of Things (IoT), ransomware criminals are targeting control systems used for everything from vehicles to manufacturing assembly lines to power systems.

Are you thinking ransomware is only something large enterprises should worry about? If so, you’re wrong. Because small businesses often operate without the proper data protections in place, bad actors see them as a prime target and are increasingly turning towards them for attacks. The financial impact is huge. Downtime caused by ransomware costs small businesses $8,500 an hour—or $75 billion annually!

From Whence Does Ransomware Come?

The ransomware “bar” for cybercriminals is getting lower and lower. They no longer need to be experts in hacking and technology, but rather can easily and quickly acquire the tools needed to initiate attacks. The following are the most prevalent ways:

• Off-the-Shelf Ransomware. Some ransomware can be purchased as off-the-shelf software from the darknet marketplace and installed on a criminal organization’s own nefarious servers. Hacking and encryption of data and systems are then managed directly through the software running on the servers of the cybercriminal.
• Ransomware as a Service (RaaS). Just as the cloud delivers faster and greater agility for organizations using Software-as-a-Service (SaaS), it also is being used by bad actors to infiltrate, encrypt, and exfiltrate data and systems. This simplified ransomware model lowers the entry-point bar by providing non-technical criminals access to ransomware technology and services in exchange for an upfront use fee.
• Ransomware Affiliate Programs. You’ve heard of affiliate marketing? It’s a model that has become a highly effective marketing model. Ransomware developers have their own version, allowing potential cybercriminals to sign up as affiliates to gain access to a RaaS model that distributes the ransomware to their own list of targets in exchange for a share of the profits.

So, What Can You Do?

The threats posed by ransomware are real, and they continue to grow in scope and velocity. In a recent white paper, Fortinet outlined five things that organizations can do to thwart attacks:

1. Stop Known Threats. Basic security hygiene must include a layered security model that covers network, endpoint, application, cloud, and data center controls using proactive global threat intelligence.
2. Detect New Threats. Ransomware isn’t static. Instead, it constantly morphs and transforms. Here, sandbox and other advanced detection technologies can be used to detect and pinpoint variants across known and unknown threat vectors.
3. Mitigate the Unseen. Seek solutions that share real-time actionable intelligence between different security layers and vendor products in order to automatically detect and respond to sophisticated threat. Sharing threat intelligence needs to extend to entities within the external cybersecurity community.
4. Prepare for the Unexpected. Segmentation of network security protects against the wormlike behavior of ransomware by detecting and preventing malware from spread laterally across the network.
5. Back Up Critical Systems and Data. Organizations with recent backups stored off-network can repudiate demands for ransom by quickly and easily recovering their data and systems.

View our infographic below to read more about the Ransomware Landscape.

Download our entire white paper on “Mapping the Ransomware Landscape: Understanding the Scope and Sophistication of the Threat” for more information on the threat of ransomware and what organizations can do to thwart attacks.