It’s estimated that Ransomware costs will climb to roughly $11.5 billion in 2019, according to CSO Online. The frequency of attacks continues to increase as well. According to a report on Ransomware, these attacks occurred once every 120 seconds in early 2016. By 2017 this spiked to an attack occurring every 40 seconds. In 2019, the frequency is expected to grow to an attack happening every 14 seconds. Malwarebytes reported that 22% of businesses hit by Ransomware were forced to halt all business operations and Symantec recorded an average of 1242 Ransomware detections per day. It seems as though Ransomware attacks show no signs of slowing down any time soon.
But today, cyber attackers have taken this phenomenon to even newer heights. From the comfort of their own homes, without any physical contact, they are able to launch virtual kidnappings of valuable digital assets and hold them hostage in exchange for money. Of course, “digital-napping” cannot compare to the agony of a threatened life that comes with traditional kidnapping. However, as technology more critically integrates with physical systems, the cross-over between cybersecurity and safety inherently increases the potential impact of cyber-attacks on human wellbeing. For example, holding hospital systems hostage or shutting down an electrical grid for ransom can ultimately lead to similar life-threatening circumstances.
This isn’t new. The daunting cyber-attack method first surfaced in the 80s, has grown significantly over the last 3 decades, and doesn’t appear to be letting up anytime soon. Here are a few reasons why ransomware is still a danger to companies in 2019:
“Ransomware-as-a-service” is now a thing.
Ransomware is a common cyber-attack mechanism where, as the name implies, cybercriminals hold valuable assets hostage and request payment for their safe return. There are many variations of these types of attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key. Without the key, your operations could end up crippled. They may hack into your account, change the password, and replace your password recovery email address with their own so that you no longer have control over your account. They may deface your website and block your access to make changes, damaging your reputation. The methods used to execute these attackers vary based on the target of the attack and the skills or resources possessed by the attacker, but the goal is simple – force companies and users to pay for the return of their beloved assets.
There’s an added trend in this space that serves as a convenience to criminals and creates a greater challenge for companies. Attackers don’t have to spend their precious time building these attacks anymore. With the increasing popularity of “Ransomware as a Service” providers, the attacks are easier than ever to launch and often deliver lucrative payouts, giving cybercriminals no incentive to slow down on the attacks. Cryptowall is an attack campaign that, for example, generated $320 million in revenue for assailants. These attack services can be purchased on the dark web for under $50 in some cases, and the return on investment can be massive when the attacks are successful.
Entities continue to fold and pay the ransom.
In dealing with a “digital-napping” ransom case, a common question arises. “Should we pay the ransom?” Generally, the sentiment is no for several reasons. First, paying doesn’t guarantee you’ll get your data back. Second, if you’re successfully extorted once, expect it to happen again once attackers realize that you are indeed willing to pay.
Though this is common knowledge, companies still cave in and pay the ransom to get their systems up and running as quickly as possible. For multi-billion-dollar corporations, an attacker asking for $100,000 in ransom may be easier to pay than taking time to fight or negotiate. For smaller companies, $100,000 can be a big deal thus increasing pressure on those entities to ensure they are well equipped to prevent and respond to such attacks.
It’s not just to the price of the ransom that hurts.
When people think about the cost of a ransomware attack, they may automatically think about the asking price of the attacker. Hopefully, once paid, everyone can move on with business as usual right? Unfortunately, the answer is no. Like most cyber-attacks, the indirect costs often well exceed what’s seen at face value. Other costs associated with ransomware attacks can include a loss in productivity and losses associated with system downtime. If, for example, a company has a system that generates $100,000 in revenue per hour and it’s down for 5 hours due to a ransomware attack, that’s a half a million-dollar loss in addition to the ransom should you decide to pay.
Additional losses can be incurred from restoration efforts or loss of data that can’t be recovered. If any irrecoverable data now needs to be recreated, that will also increase your total price ticket. Like any other attack, there are also general costs associated with digital forensics and investigation costs, implementing new technologies or changes to prevent future incidents, training employees or consumers in response, and the potential blow to the company reputation should the attack be publicized.
In today’s technology environment, “digital-napping” or ransomware attacks have become a common and effective method of extortion. For the criminals, it’s much more scalable, requires less effort to hold systems hostage instead of people, and remains a lucrative option as companies continue to pay up. For these reasons, ransomware attacks are here to stay in 2019. Companies, large and small can mitigate the risk of these seemingly inevitable incidents by building robust security programs that incorporate Ransomware protection software capable of preventing and responding to ransomware attacks.
Insider Risk – How Prepared Are You?
Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.