Ride the Lightning

Ransomware: Bigger, Badder and More Expensive

May 1, 2017

Last week, I read a story from Computerworld and another story from Dark Reading. They weren't exactly full of good news about the scourge of ransomware.

Computerworld reported that hackers spreading ransomware are getting greedier. In 2016, the average ransom demand to provide the decryption key for encrypted data rose to $1,077, up from $294 the year before, according to a report from security firm Symantec. Symantec also reported a 36% increase in ransomware in 2016 from the prior year. We are aware of small law firms that paid $1200 and $3000 to get their data back – the damage being furthered by the length of time it took to restore the data.

In 2016, consumers made up 69 percent of all ransomware infections, with the remainder targeting enterprises, according to Symantec.

Helping to fuel the ransomware boom is the digital black market, where hackers can sell ransomware kits for as little as $10 and as much as $1,800, making it easier for other cybercriminals who can't code to get a piece of the action.

Cybercriminals also spread ransomware through exploit kits, or automated hacking toolsets, that operate on compromised websites. The kits can work by scanning a victim's web browser for any unpatched software vulnerabilities and then exploiting them to serve ransomware.

Symantec's report found that 34 percent of victims pay the ransom. However, only 47 percent of that number reported getting their files back.

Dark Reading reported that about 40% of small and midsized businesses hit with ransomware paid their attackers, but less than half got their information back. This data came from a Bitdefender survey of 250 IT pros working in small and medium businesses (SMBs).

The survey, conducted by Spiceworks, discovered that one in five SMBs was hit with a ransomware attack within the past 12 months. Of the 20% targeted, 38% paid attackers an average of $2,423 to release their data. Less than half (45%) got their information back. As we often say, there seemed to be honor among thieves for a while, but it is evaporating.

SMBs represent a growing pool of victims as attackers seek weaker targets. Larger businesses have strongly engineered backup and high level security tools. Researchers found SMBs are appealing targets for ransomware because they handle the same sensitive business information (customer data, financial records, product info) as larger organizations, but lack the strong security measures to protect it. Attackers know they're more likely to receive payment from SMBs, which have more sensitive data than consumers.

E-mail, cited by 77% of SMBs, is the most popular vector of attack. Cybercriminals use email to entice victims to open or download attachments, or click malicious links, reported 56% and 54% of SMBs, respectively. Nearly one-third (31%) of attacks occurred via social engineering.

Most SMBs hit with ransomware attacks were able to mitigate the attack by restoring data from backup (65%), or through security software or practices (52%). One-quarter of those targeted could not find a solution to address the problem and lost their data as a result. Since our clients are largely SMBs, I can affirm that they are more vulnerable – and sometimes resist a well-engineered backup system because they don't fully appreciate the danger and are resistant to the costs – which tend to seem minor once they've become a ransomware victim.

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson