The saying “crime doesn’t pay” doesn’t seem to apply to the ransomware business. Despite the FBI’s recommendations against paying ransom demands, ransomware raked in an estimated US$1 billion in 2016. Attackers are capitalizing on this success with bolder demands, averaging US$1077 last year per incident in comparison to just US$294 in 2015 (CSO Online, Report: Average Ransomware Demand…, 2017). One reason for this steep increase could be that tools such as ransomware-as-a-service (RaaS) provide subscribers with curated statistics on how much victims are willing to pay by region.
Ransomware developers are finding better ways to deceive users and evade security defenses. Readers used to be able to identify suspicious emails because they were poorly written and contained spelling or grammatical errors. Today, however, professional copyediting services are available on the dark web to assist attackers in the creation of emails that appear more legitimate.
Instead of targeting single devices, new ransomware varieties can recruit infected machines into a botnet to spread malicious code across networks or propagate throughout a network on their own, similar to a computer worm.
One of the most notable ransomware trends of 2016 was the shift in attackers’ focus from individual consumer devices to businesses. Historically, there has been a misconception that cybercriminals only target large enterprises, so many small and medium-sized business owners have not prioritized ransomware prevention. The truth is that businesses of all sizes and across all industries are falling victim to ransomware, and of those that have fallen victim, 48% have paid the ransom (Ponemon Institute, Rise of Ransomware, 2017).
2017 Global Threat Intelligence Report, NTT Security
Some businesses have made the strategic decision to mitigate their risk by purchasing ransomware insurance. The fact that they feel the need to take such steps indicates how serious a threat ransomware has become, and demonstrates how much power is held by the cybercriminals who are sophisticated enough to craft new exploits.
These are just a few of the industries that have made the news due to ransomware attacks:
Security teams recognize that ransomware threats are not slowing down and that current technologies are not sufficient to block all attacks. Businesses are responding by no longer allowing themselves to be sitting targets and by finding ways to fight back. They are investing in more sophisticated next-generation protections that capture more ransomware samples than their predecessors and boast increased detection and prevention rates. In addition, more businesses are partnering with law enforcement to find and disrupt cybercriminal networks, whereas in the past companies avoided this practice to prevent bad publicity. Finally, security vendors, business owners, and law enforcement agencies are sharing threat intelligence in an attempt to level the playing field against the well-connected cybercriminal community.
Regardless of industry, continuous validation of security controls is key to a business’s ability to defend itself against cyberthreats of all types, including ransomware. To see how your defenses stack up against today’s active threats, check out NSS Labs’ CAWS Cyber Threat Protection Platform.