The meteoric rise of the problem stems from a lack of preparedness and simple economics.
Ransomware is perhaps the most ingenious cybercrime in the history of the Internet in terms of its simplicity and effectiveness. It has caused absolute terror in nearly every industry, affecting almost 50% of organizations in 2016, and is considered one of the top cyberthreats to the enterprise for 2017.
According to the FBI, ransomware — malware that holds systems and data for ransom — cost victims $209 million in the first three months of 2016, yet totaled only $24 million in all of 2015. This astronomical rise in ransomware is motivated, in large part, by a lack of preparedness. And the problem will get worse before it gets better. But in order to understand the rise of ransomware, you need to understand its economics.
The Business of RansomwareTraditional data from major breaches is starting to be worth less and less as the black market gets flooded with stolen records. Got your credit card stolen? Just call a toll-free number and the problem is fixed in minutes. Even the cost of prized electronic healthcare records is down 50% to 60% from last year. This means supply is exceeding demand. But at the same time, the price per ransom has continued to climb, and much of the data being ransomed is completely worthless on the black market.
Innovations in online payments have also helped pave the way for the current ransomware epidemic. Similar to how some sites are the middlemen for sellers, Web-based “businesses” started to appear in early 2016 to act as proxies for data extortionists to post sensitive stolen data to add urgency to payment demands, sell the stolen data to a third-party, or utilize it in other ways. These Web vendors use a “Business 101” approach by providing an easy Bitcoin-based payment interface — currently worth $768 each (at the time of writing this) — and take a cut of every payment.
Popularity Breeds PandemicBecause of ransomware’s massive success, its creators are pushing new technologies to their limits, with the potential to infiltrate every data storage device between the Internet and any given company. And with the massive success of Mirai — the Internet of Things botnet that took down a portion of the Internet last fall — connected devices are poised to become the next big target, translating into even more ransomware. We are entering an age of ransomware that attacks smart homes, connected cars, and healthcare. Based on the recent ransomware attack on the San Francisco Municipal Transportation Agency (SFMTA), we may already be there.
Ransomware itself isn’t the vehicle of an attack; it’s merely the infection mechanism. As ransomware rapidly evolves, it has never been easier to commit this crime, with a return on investment as high as 1,425% and a low level of risk. And as it proliferates, ransomware has forced the enterprise C-suite to learn there is no guarantee of prevention. The only true recourse is recovery.
Back Up Often, Recover QuicklyThe ill-prepared organizations that continue to pay ransomware fuel its growth. With each successful ransom, bad actors become more emboldened, more innovative, and more profitable.
But not everyone gives in. Consider the recent attack on the SFMTA. The agency not only didn’t pay the ransom, it never even considered it! With a backup and recovery strategy in place, the SFMTA had all affected computers up and running within a few days. This best practice echoes what the FBI has been urging businesses to do for years: regularly back up data and verify the integrity of those backups. Just as important, ensure that backed-up files aren’t susceptible to ransomware’s ability to infect multiple sources and backups.
The ransomware problem will get worse for businesses before it gets better, but there is some good news. According to a McAfee report, initiatives like No More Ransom! will start to slow attacks, leading to a significant drop-off in ransomware during the second half of 2017. Until then, companies need to put easy-to-use intuitive systems in place to mitigate risks and squash attacks, such as real-time recovery backup solutions in a cloud service provider. If you stop feeding the beast, ransomware will cease to exist.
Rick has more than 20 years of deep information security experience. Prior to joining Code42, Rick was VP and chief information security officer at eBay, led and built a variety of global security programs at Apple, and directed global security at Lam Research. Rick is … View Full Bio