As you can imagine, ransomware has become a big business for cybercriminals. Here are some quick numbers to give you a picture of just how big it has become:
- In 2016, the rate of ransomware infections increased 500% in 8 months.
- On average, a ransomware variant will infect between 30,000 – 35,000 devices in a month, with some variants reaching up to 150,000 infections.
- There were 50 new variants of ransomware developed each month during the first six months of 2016
- During that same time period, one unknown ransomware actor (individual or group) made $94 million in profit
- Cerber ransomware brought in $195,000 in payments in July 2016
- Ransomware profits are expected to reach $1 billion in 2017
Ransomware activity is fueled by innovated, entrepreneurial criminals. There are a handful of reasons why this type of crime is so lucrative and widespread:
- There are multiple ways to infect a victim, including email links, email attachments, website exploits, social media campaigns, compromised business applications, and USB drives for offline infection.
- Mass email infections are cheap and easy, and there's a relatively low risk of getting caught.
- Ransomware-as-a-Service (RaaS) makes it easier for new people to get into the business of extortion. The Cerber ransomware variant mentioned above is the world's largest RaaS, and the Satan RaaS we talked about last week is designed for absolute beginners.
- Many businesses simply aren't willing to lose files to encryption, or they are unprepared to recover from an attack. It's often cheaper and easier to pay the ransom.
At this point in the lifespan of ransomware, it's prudent to assume that it's not a matter of if you will be attacked, but when. There's no reason to think that it can't happen to you. Hospitals, police departments, governments, and educational institutions have all been attacked. And while you may be one of the people who think you aren't important enough to be targeted, remember that most of these criminals aren't looking for any particular type of victim. They simply distribute their ransomware and wait for it to call home. Or in the case of offline ransomware like Zepto, they don't need it to call home. They simply distribute the files and see if someone makes a payment.
We've talked before about using proper data protection strategies to protect yourself from ransomware. This is important, because if there's no free online decryptor for your files, you will want to be able to restore them from backup so that you don't have to pay the criminal. Still, the best thing you can do is deploy multiple layers of security throughout your infrastructure and make sure your end-users are aware of the risks. According to a recent survey, less than half of ransomware victims fully recover all of their data after restoring from backup. This is largely due to user error on the backup configuration, or backups getting encrypted before the IT department finds the infection. Additionally, you may inadvertently leak sensitive data to an outside party during the restoration or decryption process, exposing yourself to further types of financial loss.
Ransomware is going to remain a threat for a long time. If you're new to ransomware defense, take a look at this 10-point checklist (pdf) our team designed to help you get started. When you're ready to learn more about Barracuda solutions for ransomware, visit our corporate site here.
Donâ€™t Fall Victim to Ransomware
Cyber criminals exploit a variety of vulnerabilities like email, network traffic, user behavior, and application traffic, to insert malware. Protecting yourself from a vulnerability through one of these vectors is a good start, but without a comprehensive security strategy that secures all vectors, from all the advanced threats, you are almost certain to fall victim to these devastating attacks. Simply put, cyber criminals are indiscriminate in their targets, and will gladly extort your data for a hefty ransom.
Barracuda offers powerful tools to detect advanced threats and vulnerabilities already lurking in your infrastructure. Barracudaâ€™s comprehensive portfolio of solutions works together to help you detect, prevent, and recover from ransomware attacks.
Watch our on demand recording to see the innovative ways Barracuda can help you take a proactive approach to mitigating risks.