Ransomware on the Rise

According to a recent study cited in Business Insurance, ransomware attacks increased fourfold from 2015 to 2016. They are expected to double in 2017. A Beazley report indicates that ransomware is becoming more effective, stating that “evolving ransomware variants enable hackers to methodically investigate a company’s system, selectively lock the most critical files, and demand higher ransoms to get the more valuable files unencrypted.” 

Ransomware operates like many other types of malicious software. The malware typically enters an organization’s network through a phishing email that carries either a malicious attachment or a link to a compromised website. The recipient is tricked into opening the attachment or clicking the link; because the download is initiated by the user from inside the network, a perimeter firewall generally does not stop it, and the malware then runs with that user’s privileges on the company’s systems. Ransomware can affect work and personal computers, endpoint users in an enterprise network, and corporate servers. Depending on the variant, it may lock users out of the operating system, encrypt files so they cannot be opened, or block certain applications, such as web browsers, from running.

Part of what makes ransomware so dangerous is that it is largely indiscriminate. Victims have included large corporations, small businesses, libraries, town governments and, in one recent case, a hotel whose ability to create new room keys was disabled. Once inside the system, the malware delivers its payload and encrypts the files the compromised account can reach, continuing until a substantial portion of the user’s files is fully encrypted. The user is then shown a message stating that the company’s files have been encrypted and instructing the company to pay a ransom, in Bitcoin or another virtual currency, to a designated address in order to receive the decryption key needed to unlock them. Demands can range from a few thousand dollars to tens of thousands; the St. Louis public library system recently received a demand of $35,000 in Bitcoin. Some ransomware programs have instead forced users to complete surveys, gathering information to be used for illicit purposes.

Both the cost and the frequency of ransomware attacks continue to rise. Over $200 million was paid in ransoms by companies in the first quarter of 2016 alone. That figure is particularly telling: a January 2017 Ponemon Institute report puts the average ransom paid at $2,500, which implies more than 80,000 successful ransomware attacks in a single calendar quarter.

Typically, when a company is the subject of a ransomware attack, its options are either to pay the ransom or to restore the encrypted files from the company’s backups. Paying carries no guarantee that the attacker will actually provide a working decryption key, and backups are only useful if they were kept offline or otherwise out of the malware’s reach, since backup copies the compromised account could write to may themselves have been encrypted. There are ways to reduce the risk of falling victim to ransomware, including scheduling regular assessments of the company’s network security, maintaining strong policies governing company work on personal devices, keeping and periodically testing isolated backups, and educating and training company employees. Cyber counsel can play an integral role in helping a company reduce the likelihood of a successful attack and in assisting the company’s response in the event of one.