First off – what is it?
Simply speaking – ransomware is a type of malware (often loosely called a virus). A malicious threat actor gains access to a computer system, and the software locks the user out of their files or programs, then demands payment from the user in order to regain access to the computer or its files.
How many users are affected?
Cybercrime of some kind damaged 32% of all U.S. organizations in 2016.
Ransomware attacks increased 350% from 2016 to 2017.
What does it cost?
In 2017, victims incurred $5 Billion in ransomware damages. Experts predict that cybercrime will globally cost $6 Trillion in annual damages by 2021.
Some ransom demands are as little as $500.00 per computer, but they can run into the thousands. According to a few different reports, the average ransom demand is growing to around $1,000.00 per computer. Even though this price tag seems relatively low, the cost multiplies quickly as more users are affected. The real loss of revenue, though, is the loss of productivity.
Am I vulnerable?
Some of the most heavily targeted industries:
- 48% of Construction and Manufacturing Firms
- 28% of Healthcare Companies
- 24% of Legal Services Companies
To no one’s surprise, the dominant operating system targeted is Windows. 100% of surveyed Service Providers said that all of their Windows customers were targeted by ransomware, compared to only 3% of Mac OS X, Linux and Android systems. Mobile attacks are also on the rise, from 3% up to 4% in 2017.
Software as a Service (SaaS) apps are also at risk. Salesforce and Box were below 10%, but G Suite was at 21%, Office365 at 32%, and a highly concerning 76% of Dropbox users were infected.
Am I still vulnerable?
Unfortunately, almost 1/3 of ransomware victims report that they later discovered the malware remained after they paid the ransom – only to be attacked again.
What can I do to protect myself?
No single solution can protect everyone from every threat, but a layered approach is the best recipe. 94% of victims had endpoint anti-virus software in place, and it was bypassed. This does not mean that you should not have anti-virus installed. It just means that there should be an overall strategy of defense through other layers of protection. Think: Outer Perimeter, Inner Perimeter, Endpoint Security (Anti-Virus), Individual Security (Human Diligence).
The 3 most important layers for your defense system are:
- Backup & Disaster Recovery Solution (not just a DR plan)
- Anti-Virus Software that is regularly updated to recognize new threats
- Ongoing Employee Training
- Additional measures such as firewalls, ad/pop-up blockers, regular patching/updating of applications, and email filters are also important parts of a layered security strategy
What if I have been attacked? Should I pay, or not?
The trend is that fewer victims are paying: 35% in 2017 compared to 41% in 2016.
If you have been backing up your system regularly, you can restore your system from the latest clean backup taken before the attack. You should be able to avoid paying the ransom and losing too much data/productivity.
If you have not been using these measures, it’s the classic risk/reward value proposition. I would always tend not to reward criminals for bad behavior (even if it hurts a little), but you should weigh the value of some of these questions:
- Is the ransom relatively affordable?
- Has it spread to other systems?
- How expensive would it be to replace the infected device(s)?
- What if they don’t release my system(s) after I pay?
We hope this topic helps you understand ransomware threats a little better, and helps you frame your overall approach to cybersecurity.