Ransomware has really captured the imagination of the public and, being truthful, it is a dream topic for me, a journalist – it is evocative, conjuring up images of ransom notes with mismatched lettering and harking back to Hollywood movies with kidnapping plots and explosions.
It is not, however, just the public who has become captivated with ransomware; businesses, too, are now scrambling to protect themselves from this growing cyber threat. But as ransomware continues to grab headlines worldwide, is the focus on this particular strain of malware justified? Or is it acting as a smokescreen, drawing the focus away from the more dangerous threats targeting today’s enterprise?
Let me be clear: ransomware is a serious problem and should be taken seriously by businesses. You need only look at some of the figures accompanying the aforementioned headlines to recognise the growing danger of this particular threat.
In January 2016, ransomware accounted for 18% of global malware payloads via spam and exploit kits. Fast-forward 10 months and Malwarebytes found that ransomware had skyrocketed to account for 66% of malware payloads – a staggering 267% increase.
This surge in growth can be attributed to how easy ransomware is for hackers; for $39 you can buy complete Ransomware as a Service solutions on the dark net, which require little technical know-how to deploy. Not only is it easy to stage an attack, but ransomware is incredibly lucrative – a $1 billion business according to the FBI.
Proofpoint’s Adenike Cosgrove told CBR: “Ransomware has proven to be a successful business model with attackers collecting more than $209 million from victims during the first three months of 2016 alone, and the volume of attacks was ten times higher than all of 2015. Ransom amounts have tended to be relatively fixed at $300-$1k per machine. As long as the return on investment remains high for attackers, it seems likely that ransomware will continue to be a significant threat.”
Ransomware certainly knocks businesses for six. By locking systems and data, it makes itself impossible to ignore: it flashes on the screen and demands not only attention, but payment. Recent research found that over half of UK businesses pay the ransom; with data the oil of this digital world, businesses rush to unlock ransomed data or systems despite there being no guarantee that the hacker will release what has been ransomed on receipt of funds.
The same Malwarebytes report found that 40% of companies with an average of 5,400 employees across the U.S., Canada, U.K. and Germany had experienced a ransomware attack. Of these victims, more than a third lost revenue and 20% had to stop business completely.
“Whether companies choose to pay the extortion or not, the real cost of ransomware is downtime and lost productivity,” Imperva’s Terry Ray told CBR.
“Even if victims have backup files or are willing to pay the ransom, the cost associated with productivity downtime adds up quickly. What’s more, the availability of ransomware-as-a-service combined with high profits for the attackers means ransomware attacks are likely to escalate in 2017.”
The stats and figures associated with ransomware make for grim reading, with many predicting that ransomware will only continue its upward trajectory – but are we right to regard it as the number one cyber threat to businesses today?
There is no denying that ransomware has turned the cyber landscape upside down – where once attackers prioritised stealth, wanting to go undetected, now they are unabashed with smash-and-grab ransomware attacks.
However, and this is a crucial point, if ransomware has successfully infiltrated your organisation, what other attacks do you not know about? Hackers who rely on companies failing to detect their attacks have not suddenly stopped; ransomware may well be distracting the business while the crown jewels are being stolen.
“If [a business] has had 20 ransomware instances in the quarter, it means that they have had at least 20 stealth infections that they do not know about,” said Bromium President and co-founder Ian Pratt in a recent CBR interview.
“Ransomware is the thing that people are aware of, but actually it really isn’t going to be the most damaging thing, especially for a company with intellectual property. Stealth attacks cost you the real money.”
The real money that Pratt talks about is, more often than not, that oil of the digital age again: data. While script kiddies launch ransomware attacks to disrupt and extort, data theft can go undetected for years and hit not only the victim’s wallet, but also its brand, reputation and customer base.
“Looking at the enterprise, I see data theft as a top threat. Ransomware gets attention because it tends to be a noisy attack given that the attacker must notify the victim to get paid. Data theft requires the victims to find out for themselves they’ve been attacked, which can take years,” Imperva’s Terry Ray told CBR.
“The recent Yahoo breach of over a billion records going undetected for years is a clear sign that companies are not equipped to detect an internal attack on data resources, especially databases.”