Ransomware is a type of malware that encrypts and/or locks down data on either a single computer or a whole network. It then demands a payment, usually in bitcoin or another cryptocurrency chosen because it is hard to trace, in exchange for decrypting the data. In some cases the ransomware does not encrypt the data at all but instead threatens to publish it if the ransom is not paid.
How does Ransomware spread?
One of the most common ways for ransomware to get into a system is through phishing emails that carry a malicious attachment. If the attachment is opened, the malware it contains can take over the victim's computer. In other cases phishing is used to steal a user's password and login details, which the attackers then use to log in to the system themselves and plant the malware.
Ransomware can also arrive through downloads from hijacked websites. A compromised site will often prompt the visitor to download or install something; an unexpected prompt of this kind on a normally harmless website is one sign that it has been compromised. Ransomware can also get into a system when a user clicks on malicious pop-ups.
Depending on the malware, the user may not have to be tricked into granting any kind of administrative access for it to encrypt files and spread: encrypting the documents the user already has write access to requires no elevated privileges. Many malicious attachments nevertheless rely on social engineering to get the user to open and run them in the first place.
Unfortunately, there have also been cases of highly advanced ransomware exploiting vulnerabilities on systems that had not yet been patched, often even though a patch was already available. Such worm-like ransomware spreads from computer to computer without any user interaction. This is why everyone should keep their software updated at all times.
How high is the ransom?
The amount demanded can range from a few dollars or euros up to hundreds of thousands, depending on how much data was encrypted and how widely the malware spread. The average ransom demand in 2018 was 1,077 USD.
A small ransom is easier to pay, so more victims end up paying it, and at scale this can earn the cyber criminals millions. For this reason the amount demanded is often kept low enough that individuals and companies can afford it; the result is a higher number of paying victims.
For a Fortune 500 company, 30,000 USD might not seem a high price to pay for the return of precious and sensitive data. However, if the cyber criminals manage to infect only half of those companies, that adds up to millions of dollars for them. This money is believed to fund further cyber attacks, drug cartels, terrorism and warfare.
The actual cost of a breach
For organisations of all sizes the ransom itself may be the smallest cost. The real cost of a ransomware attack is what follows, whether the company pays or not. The cost of remediation, penalties and data recovery is estimated at $3.6 million on average, and that figure does not include the damage to the company's reputation or the loss of business and productivity.
Over the past two years ransomware attacks have increased by over 97%, and it is estimated that a business will fall victim to ransomware every 14 seconds in 2019.
Once a company is infected with ransomware its productivity comes to a halt, sometimes for several days. Because of this impact, companies are more likely to pay the ransom simply to keep their business running. Of the organisations hit with ransomware, 34% took a week or more to regain access to their data. (Source: Kaspersky)
The bottom line should be considered when deciding whether or not to spend on cyber security training. Training may cost a few dollars or euros per employee, but the actual cost of a security breach is far higher. We have already mentioned the cost of repairs, the damage to reputation and the loss of data; stock prices take a serious hit too. The initial drop in share price can be considerable but usually recovers in time. However, if a company has been breached before, a second attack can prove devastating, as both consumers and the stock market lose faith in the organisation.
Should companies pay the ransom?
According to the FBI, and to general policy in the US: no. Statistics show that only about 3% of US public-sector organisations pay the ransom when attacked. Despite the advice of the FBI and the Department of Homeland Security against it, 45% of US companies hit by a ransomware attack paid up. Unfortunately, only a meagre 26% of those got their files unlocked. And as stated above, the real cost is what usually follows the breach.
In addition, 73% of the companies that paid to have their files unlocked were attacked again. Paying a ransom is therefore not a one-time cost if the organisation does not invest in cyber security training for its employees and in modern, cloud-managed antivirus (endpoint protection) software. Systems also need to be updated and the necessary patches applied, so that the weaknesses that made the first breach possible are closed.
Who is a target?
Both individuals and companies can be targets for ransomware. Individuals are more likely to become victims of a type of ransomware known as leakware, where the malware threatens to expose their sensitive data and photos to the world.
Since the dawn of ransomware in the 1980s, cyber criminals using this method have realised that targeting companies is the most successful approach, and that targeting companies in the Western world, i.e. high-income countries, is the most lucrative. Small and medium-sized businesses are especially vulnerable, as they often have not implemented the security controls and awareness training that larger companies have. They also have smaller budgets and are more sensitive to a financial hit; many are forced to close down after a ransomware attack.
The healthcare industry is in a particularly sensitive position. Ransomware attacks hit it especially hard because it handles large amounts of sensitive data and depends on connected equipment, so an attack can even have fatal consequences. Furthermore, the healthcare industry is ill prepared, owing to a lack of funds for cyber security and awareness training. For these reasons it has been a popular target among cyber criminals in recent years: in 2018, almost half of the reported ransomware attacks involved healthcare organisations.
In addition to healthcare, the financial sector is a prime target: over 90% of all financial institutions experienced a ransomware attempt in 2018. That does not mean every attempt succeeded, only that financial organisations are a highly sought-after target for cyber criminals.
Preventing ransomware attacks
Many ransomware attacks can be stopped by software that blocks known ransomware from launching. Unfortunately, such signature-based blocking does not stop new or modified variants that have not been seen before. The key to effective ransomware defence is therefore continuous cyber security awareness training. Whether for individuals or for employees of large organisations, security awareness is fundamental.
Because most ransomware gets in through phishing scams and downloads from hijacked sites, the human element can be either the most helpful or the most harmful factor in its spread. Well-trained people form an additional barrier that cyber criminals will have a hard time getting through.
Minimizing the damage
Several precautions can be taken against ransomware. If the malware is discovered and removed early, before it finishes encrypting, further damage can be prevented, although the files it has already encrypted may be lost.
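Signature-based blocking, as noted above, misses variants that have never been seen, so early discovery usually comes from watching what a process does rather than what it is. The following Python script is an added example, not code from the original article: it applies a simple behavioural heuristic to a constructed set of file-write events (the event format, process names and thresholds are assumptions for illustration). A process that, within a short window, renames many files to a new extension and writes high-entropy content into them is flagged, while an editor saving text and an archiver creating a fresh compressed file are not.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass
class FileEvent:
    """One file write as an endpoint sensor might report it (assumed format)."""
    ts: float        # seconds since monitoring started
    pid: int
    proc: str
    old_path: str    # path before a rename; "" if the file was freshly created
    new_path: str
    content: bytes   # bytes written


HIGH_ENTROPY = 7.0   # bits per byte; encrypted or compressed data sits near 8
WINDOW_S = 10.0      # look for a burst of suspicious writes inside this window
BURST = 5            # this many suspicious writes in the window raises an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the buffer (0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extension_changed(old_path: str, new_path: str) -> bool:
    if not old_path:
        return False  # a new file, not a rename of an existing one
    return os.path.splitext(old_path)[1].lower() != os.path.splitext(new_path)[1].lower()


def is_suspicious(ev: FileEvent) -> bool:
    """Rename to a different extension plus near-random content: the ransomware pattern."""
    return extension_changed(ev.old_path, ev.new_path) and shannon_entropy(ev.content) >= HIGH_ENTROPY


def detect(events):
    """Return {pid: process_name} for every process that produced a burst of suspicious writes."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if is_suspicious(ev):
            by_pid[ev.pid].append(ev)
    alerts = {}
    for pid, evs in by_pid.items():
        start = 0
        for end in range(len(evs)):            # sliding window over this process's events
            while evs[end].ts - evs[start].ts > WINDOW_S:
                start += 1
            if end - start + 1 >= BURST:
                alerts[pid] = evs[end].proc
                break
    return alerts


def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted file content (constructed)."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return bytes(out[:size])


# Constructed sample telemetry: one benign editor, one benign archiver, one encryptor.
SAMPLE_EVENTS = [
    FileEvent(0.5, 100, "winword.exe", "report.docx", "report.docx",
              b"Quarterly report: revenue up 4% on the previous period.\n" * 100),
    FileEvent(2.0, 200, "7z.exe", "", "backup.zip", pseudo_ciphertext(99)),
] + [
    FileEvent(1.0 + i * 0.5, 300, "svchost_update.exe",
              f"docs/file_{i}.docx", f"docs/file_{i}.docx.locked", pseudo_ciphertext(i))
    for i in range(8)
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))   # {300: 'svchost_update.exe'}
```

The two conditions are deliberately combined: an archiver writes high-entropy data but does not rename existing documents, and a bulk rename by itself (a user reorganising folders) does not produce random content. Real endpoint products add more signals, such as writes to canary files and the rate of writes across many directories, and respond by suspending the process.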
One of the best safeguards for a business is keeping backups of important documents. The backups should be stored somewhere that no potentially infected computer can reach, such as external drives that are disconnected once the backup has finished, or other storage that is kept off the network; a backup that stays mounted or reachable over the network will simply be encrypted along with everything else.
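An offline copy is only useful if you can tell, before restoring, that it is still intact. The following Python script is an added example, not code from the original article: it records a SHA-256 manifest of a backup set and later verifies the set against it, reporting files that were modified, removed or added. The directory layout, file names and the simulated tampering are constructed for the demonstration; the manifest would normally be stored with the offline copy (or on a separate medium), not on the live system where an attacker could rewrite it.

```python
import hashlib
import pathlib
import tempfile


def sha256_file(path: pathlib.Path) -> str:
    """Stream the file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map every file below root (relative POSIX path) to its SHA-256 hex digest."""
    root = pathlib.Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_backup(root, manifest: dict) -> dict:
    """Compare the backup on disk with the manifest taken when it was written."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "added": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Build a backup, verify it, then simulate ransomware reaching it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = pathlib.Path(tmp)
        (root / "docs").mkdir()
        (root / "docs" / "report.txt").write_bytes(b"Q3 figures: revenue 1.2M, costs 0.9M\n")
        (root / "docs" / "plan.txt").write_bytes(b"2019 roadmap\n")

        manifest = build_manifest(root)      # would be written to the offline medium
        clean = verify_backup(root, manifest)

        # Constructed tampering: the backup drive was left connected and the
        # ransomware overwrote one file, renamed another and dropped a ransom note.
        (root / "docs" / "report.txt").write_bytes(hashlib.sha256(b"locked").digest() * 4)
        (root / "docs" / "plan.txt").rename(root / "docs" / "plan.txt.locked")
        (root / "README_RESTORE.txt").write_bytes(b"Your files are encrypted.\n")
        tampered = verify_backup(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean backup:", before)
    print("after tampering:", after)
```

A clean run reports three empty lists; after the simulated attack the report names the overwritten file, the renamed original as missing, and both the renamed copy and the ransom note as added. Hash verification alone does not authenticate the manifest, so in practice it is signed or kept on write-once media, and the restore is rehearsed periodically so that a backup is known to work before it is needed.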
The No More Ransom Project is dedicated to helping organisations and individuals unlock at least some of their encrypted files. It provides free decryption tools for certain ransomware families, so it may be able to help if your files were encrypted by one of those strains.
Small or large, public or private, every organisation needs to take precautions against cyber crime.