Ransomware Threat on the Rise

Ransomware Threat on the Rise

 

The threat of ransomware is increasing, with one in five businesses worldwide experiencing an attack in 2016.1 Strikes on businesses now occur every 40 seconds and the trend is expected to escalate.2 What’s more, Kaspersky Labs reported that 42% of small and medium-size businesses were hit with a ransomware attack in 2016.3

The main perpetrators of ransomware attacks are organized crime syndicates operating on the “darknet.” Most attackers use phishing emails to enter a company’s network. These emails appear to be legitimate, but they contain malicious software in links or attachments (Excel or Word documents, pdfs, photos, videos or audio files). Although most ransomware enters a company network through email, it also can be found in files on USB devices.

Once an employee unwittingly opens the email, link or attachment, the ransomware quickly infiltrates a company’s systems and gains control of critical business data or computers. The fraudsters employ encryption to prevent users from being able to access their files until the company pays a ransom for the release key.

Ransom for the decryption of files typically ranges from $300 to $2,500 per incident.4 Payments for “doxing” — where an attacker threatens to publicly release company data or sensitive customer information online — can run much higher.5 Unfortunately, making payments that comply with fraudster demands often can backfire by making the company a target for repeat attacks. Once ransomware enters a company’s system, it can be self-propagating and trigger a repeat incident.

Whether or not ransom is paid, a ransomware attack exacts a severe financial toll on a company. Recovery costs can run up to $99,000 for small and medium-size businesses.6 In addition to investing in new security services and technology, companies lose productivity due to downtime while systems and data are replaced or recovered. Customers may be lost due to a lack of confidence in the company’s security protocols and inefficiencies during the recovery period.7

Cerber, Locky and CryptXXX are the most widespread types of ransomware and new modifications are constantly being created. Microsoft reported that Cerber accounted for more than 25% of company infiltrations between mid-December 2016 and mid-January 2017.8

         Coming soon: Look for the second installment in our series on ransomware, which will discuss steps companies can take to protect their systems and data and reduce their risks.

 

---

1. “Business Perception of IT Security: In the Face of an Inevitable Compromise,” IT Security Risks Report 2016, Kaspersky Lab. Executive summary available at: https://business.kaspersky.com/security_risks_report_perception/

2. “2017 Ransomware Trends and Forecasts,” by Jonathan Crowe, Barkly blog, January 2017. Available at: https://blog.barkly.com/new-ransomware-trends-2017

3. “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

4. Ransomware averages noted in: “The Rise of Ransomware,” a study by the Ponemon Institute, January 2017, page 1. Available for download at: http://www.ponemon.org/library/the-rise-of-ransomware; and “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

5. “2017 Ransomware Trends and Forecasts,” by Jonathan Crowe, Barkly blog, January 2017. Available at: https://blog.barkly.com/new-ransomware-trends-2017

6. “The Cost of Cryptomalware: SMBs at Gunpoint,” a Corporate IT Security Risks Special Report by Kaspersky Lab, Sept. 7, 2016. Available for download at: https://business.kaspersky.com/cryptomalware-report-2016/5971/

7. “The Rise of Ransomware,” a study by the Ponemon Institute, January 2017, pages 2-3. Available for download at: http://www.ponemon.org/library/the-rise-of-ransomware

8. “Cerber Ransomware Owns the Market,” by Larry Loeb, Security Intelligence blog, April 17, 2017. Available at: https://securityintelligence.com/news/cerber-ransomware-owns-the-market/