Ransomware got its start in the late 1980s, but 2016 can rightly be called the year of ransomware. The most famous ransomware attack of 2016 was against Hollywood Presbyterian Medical Center in Los Angeles in March. The hospital paid a $17,000 ransom to decrypt its data.
Some interesting figures:
And most ransomware attacks consumers, not businesses. A recent IBM survey of 600 business leaders in the U.S. revealed that almost half of all businesses have been hit by ransomware. And of those, seventy percent have paid the ransom. In 2015, the average ransom was a few hundred dollars per user. According to Trend Micro, at the end of 2016 the average ransom was over $700, with 20 percent of organizations reporting demands for over $1300. Even after paying the ransom, Trend Micro has found that one in five organizations never gets its data back.
Ransomware can affect any type of computer. It became the biggest cyberthreat on Android devices in the first half of 2016 in the U.S., U.K., Germany, Australia and Denmark. According to Bitdefender, ransomware constituted more than half of the malware detected.
There are many reasons for the upswing in ransomware:
Some of the most publicized attacks in 2016 involved healthcare, but the problem is more widespread. A new report from BitSight declares education is the industry most likely to be hit, with 13% of educational organizations slammed by ransomware. The report analyzed the cybersecurity performance of nearly 20,000 companies across government, healthcare, finance, retail, education, and energy/utilities.
Ransomware has hit about
The sector tends to have smaller budgets, and thus less up-to-date hardware and software.
Education normally has smaller IT staffs than other industries, so there are fewer software updates and less security monitoring.
File sharing both within the institution and with outsiders is high compared with other industries. A BitSight report released earlier this year found that about 58% of academic institutions allowed file sharing on their networks.
Some security analysts believe that schools may be more likely to pay for the information to avoid HIPAA concerns and other regulatory violations. For example, in June, the University of Calgary paid a $20,000 CDN ransom after attackers encrypted its email system.
At the start of 2016, TeslaCrypt and Locky were the biggest ransomware threats, spread by spam attacks. It appears that many businesses affected by the onslaught beefed up their security. As a result, ransomware increasingly affected consumers as opposed to businesses as 2016 progressed.
Well-established ransomware such as CTB-Locker, CryptoWall and Shade were joined by Cerber, CryptXXX, and Locky. Locky has so far been spread across 114 countries. The year saw increasing variation in the construction of ransomware and the vectors used to deliver it.
New functions and threats were added to ransomware as well. Ransoc has been tailored to gather information on the victim. Social media profiles and local files are probed, and users whose PCs contain questionable content are threatened with court action if they fail to pay the ransom. CryptXXX has a feature to gather Bitcoin wallet data and send it to the attackers. Some Cerber ransomware adds the victim’s computer to a botnet to carry out distributed denial of service (DDoS) attacks. Chimera threatens to post the victim’s files, including pictures and videos, on the internet.
The franchise model invaded the ransomware world. CTB Locker and Chimera offered their victims an opportunity to become an “affiliate”, with a 50 percent commission for selling the ransomware as a service. Popcorn Time ransomware waives payment from its victims if they try to infect a few friends.
The most significant anti-ransomware move was the foundation of the No More Ransom project. Kaspersky Lab, Intel Security, the National High Tech Crime Unit of the Netherlands' police, and Europol's European Cybercrime Centre formed the group. In October, law enforcement agencies from 13 additional countries joined the project, twelve in Europe in addition to Colombia. The project expanded further in December with 30 more members.
No More Ransom offers victims a Crypto Sheriff tool to determine the type of ransomware affecting their devices. If available, tools are then employed to decrypt the victims’ data. In December, 32 new decryption tools for various ransomware variants were added.
Most security experts think that in 2017 ransomware will continue to be one of the biggest security problems across computing devices. They foresee further mutation of coding, techniques, and delivery mechanisms. From an insurer’s point of view, the Beazley Breach Insights report predicts ransomware attacks against businesses will be four times higher in 2017 than last year. It is predicted that attacks will peak in mid-2017 and then start to fall off for a combination of reasons:
Some analysts see the Internet of Things (IoT) as the next big target. McAfee predicts that ransomware will attack Internet-enabled medical devices. More than a few security experts believe that cars will be held for ransom in 2017. Attacks on IoT have already begun; consider the San Francisco Muni event at the end of 2016. But the Federal Trade Commission and the Federal Communications Commission declared in December that IoT security will be a top enforcement priority for 2017. This decision was made after the recent DDoS attacks against Dyn, which caused outages of many popular websites.
An interesting forecast was made by Wendy Nather, research director at the Retail Cyber Intelligence Sharing Center, in an SC Magazine article (https://www.scmagazine.com/ransomware-2017-dead-or-alive/article/577732/). She is dreading the advent of “integrity attacks” where cybercriminals alter an organization’s data. “The more insidious prospect would be for a criminal group to claim that they made such an alteration, but actually didn't,” she says. “It's almost impossible to prove a negative, but it will tie up the victim nonetheless as they try to confirm or deny it.”
In terms of the network security landscape it’s been a bumpy ride in 2016, and ransomware will continue to provide some further bumps for 2017. In 2017, ransomware will become more virulent and widespread. The ransomware epidemic will continue to grow exponentially.
As the number of ransomware families explodes and new variants come out at a rapid pace, criminals are expected to collect at least $5 billion in 2017. A rigorous data protection program that includes the routine creation of on-premise, cloud and offline backups will remain the only effective mechanism for defeating ransomware attacks.