As you can imagine, ransomware has become a big business for cybercriminals. Here are some quick numbers to give you a picture of just how big it has become:
- In 2016, the rate of ransomware infections increased 500% in 8 months.
- On average, a ransomware variant will infect between 30,000 – 35,000 devices in a month, with some variants reaching up to 150,000 infections.
- There were 50 new variants of ransomware developed each month during the first six months of 2016
- During that same time period, one unknown ransomware actor (individual or group) made $94 million in profit
- Cerber ransomware brought in $195,000 in payments in July 2016
- Ransomware profits are expected to reach $1 billion in 2017
Ransomware activity is fueled by innovated, entrepreneurial criminals. There are a handful of reasons why this type of crime is so lucrative and widespread:
- There are multiple ways to infect a victim, including email links, email attachments, website exploits, social media campaigns, compromised business applications, and USB drives for offline infection.
- Mass email infections are cheap and easy, and there's a relatively low risk of getting caught.
- Ransomware-as-a-Service (RaaS) makes it easier for new people to get into the business of extortion. The Cerber ransomware variant mentioned above is the world's largest RaaS, and the Satan RaaS we talked about last week is designed for absolute beginners.
- Many businesses simply aren't willing to lose files to encryption, or they are unprepared to recover from an attack. It's often cheaper and easier to pay the ransom.
At this point in the lifespan of ransomware, it's prudent to assume that it's not a matter of if you will be attacked, but when. There's no reason to think that it can't happen to you. Hospitals, police departments, governments, and educational institutions have all been attacked. And while you may be one of the people who think you aren't important enough to be targeted, remember that most of these criminals aren't looking for any particular type of victim. They simply distribute their ransomware and wait for it to call home. Or in the case of offline ransomware like Zepto, they don't need it to call home. They simply distribute the files and see if someone makes a payment.
We've talked before about using proper data protection strategies to protect yourself from ransomware. This is important because if there's no free online decryptor for your files, you will want to be able to restore them from backup so that you don't have to pay the criminal. Still, the best thing you can do is deploy multiple layers of security throughout your infrastructure and make sure your end-users are aware of the risks. According to a recent survey, less than half of ransomware victims fully recover all of their data after restoring from backup. This is largely due to user error on the backup configuration, or backups getting encrypted before the IT department finds the infection. Additionally, you may inadvertently leak sensitive data to an outside party during the restoration or decryption process, exposing yourself to further types of financial loss.
Ransomware is going to remain a threat for a long time, but defending your organization can be as simple as 1-2-3. See how Barracuda can help you protect your company from ransomware in three simple steps.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.