Ransomware is one of the most common types of malware and has been widely adopted by cybercriminals who use it to extort money from businesses.
Ransomware encrypts essential files so they can no longer be accessed, and a ransom is then demanded for the keys needed to decrypt them. It is often installed unwittingly by employees who respond to malicious emails, or it can be deployed manually once an attacker has gained access to a network. That access is most commonly obtained through brute-force attacks on exposed Remote Desktop Protocol (RDP) services or by exploiting unpatched software vulnerabilities.
Ransoms typically range from around $200 to $1,000 per infected device, although attacks on businesses usually involve far larger demands. The threat actors behind SamSam ransomware usually charge in the region of $50,000 for the keys to unlock encrypted files. The gang deploys the ransomware manually after gaining access to a business network, usually through an RDP attack. Many companies are forced to pay because they cannot recover their files from backups, or because the cost of doing so (time, business disruption, loss of business and so on) is far higher than the ransom payment.
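Both paragraphs above name RDP brute force as the usual way attackers such as the SamSam operators get onto a network before deploying ransomware by hand. The following is an added detection example, not code from the article or from any of the vendors it cites: it reads a constructed batch of Windows Security events in a flattened key=value layout (an assumed SIEM export format, not a real one) and raises an alert when one source IP generates a burst of failed RDP logons (event 4625 with LogonType 10, RemoteInteractive) on one host, then a second alert if that same source later logs on successfully (event 4624), which is the point at which manual ransomware deployment typically begins. The sample events, the threshold of five failures in five minutes, and the field names are all constructed for the example.

```python
"""Flag RDP brute-force bursts, and successes following them, in Windows Security events."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real log data) in an assumed key=value export
# of Windows Security events 4625 (failed logon) and 4624 (successful logon).
# LogonType=10 is RemoteInteractive, i.e. an RDP logon.
SAMPLE_EVENTS = """\
2018-07-03T02:14:05Z host=FS01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2018-07-03T02:14:06Z host=FS01 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.45
2018-07-03T02:14:07Z host=FS01 EventID=4625 LogonType=10 TargetUserName=backup IpAddress=203.0.113.45
2018-07-03T02:14:08Z host=FS01 EventID=4625 LogonType=10 TargetUserName=sqlsvc IpAddress=203.0.113.45
2018-07-03T02:14:09Z host=FS01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2018-07-03T02:14:10Z host=FS01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2018-07-03T02:14:12Z host=FS01 EventID=4624 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.45
2018-07-03T09:01:00Z host=FS01 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=10.0.0.21
2018-07-03T09:01:30Z host=FS01 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=10.0.0.21
2018-07-03T09:05:00Z host=FS01 EventID=4625 LogonType=2 TargetUserName=jdoe IpAddress=127.0.0.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse_events(text):
    """Parse the assumed key=value layout into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "host": m["host"], "eid": int(m["eid"]), "logon_type": int(m["lt"]),
            "user": m["user"], "ip": m["ip"],
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts: one per (host, source IP) burst of RDP failures, plus any
    RDP success from a source that has already produced a burst."""
    failures = defaultdict(deque)  # (host, ip) -> timestamps of failures inside the window
    burst_seen = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] != 10:
            continue  # only RemoteInteractive (RDP) logons are of interest here
        key = (ev["host"], ev["ip"])
        q = failures[key]
        if ev["eid"] == 4625:
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the sliding window
            if len(q) >= threshold and key not in burst_seen:
                burst_seen.add(key)  # alert once per source, not once per further failure
                alerts.append({"kind": "rdp_bruteforce", "host": ev["host"], "ip": ev["ip"],
                               "failures": len(q), "first": q[0], "last": ev["ts"]})
        elif ev["eid"] == 4624 and key in burst_seen:
            # A success after a burst is the higher-priority signal: the guess worked.
            alerts.append({"kind": "rdp_bruteforce_success", "host": ev["host"],
                           "ip": ev["ip"], "user": ev["user"], "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the constructed sample this yields two alerts for 203.0.113.45 against FS01: a burst of five failures within seconds, followed by a successful administrator logon from the same address. The single jsmith mistype and the local (LogonType 2) failure produce nothing, which is the behaviour you want from a rule that is meant to page someone. The sliding window and the one-alert-per-source rule are what keep a noisy scanner from generating one alert per guess; the success-after-burst alert is the one to treat as an active intrusion rather than background noise.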
The cost of ransomware attacks is considerable. A recent report from Cybersecurity Ventures, sponsored by the security awareness training company KnowBe4, predicts that by 2019 a business will be hit by a ransomware attack every 14 seconds. The report puts the global cost of ransomware attacks at more than $8 billion in 2018, rising to more than $11.5 billion in 2019.
While some security firms have noted a slowdown in the use of ransomware as cybercriminals turn to cryptocurrency mining to make money, not all share that view. A recent report from SonicWall shows 300% year-over-year growth in ransomware.
Technological defenses against ransomware will only go so far. Cybercriminals know that the easiest way to gain access to a company network is through its employees.
“Ransomware is the new normal; it’s here to stay and is growing in sophistication and frequency,” said Stu Sjouwerman, CEO, KnowBe4. “Bad guys choose to hack people if they can; they are the softest target and easily manipulated with social engineering. Organizations need to protect their infrastructure with a new security layer: a human firewall.” Through training and phishing email simulations, employees can be taught how to recognise malicious emails and other threats and report them to their security teams before any damage is caused.