A Cybersecurity Ventures report indicates ransomware costs will exceed $5 billion in 2017, up from $325 million in 2015–what can be done from preventing these attacks from happening?
Late last month, another ransomware attack slammed Ukraine and Russia–the second major one since the NotPetya attack in June–igniting speculation that the severity of these attacks are only going to get worse from here on out.
By definition, a ransomware attack infects computers and limits one’s access to files, “often threatening permanent data destruction unless a ransomware is paid,” Cybersecurity Ventures 2017 Ransomware Damage Report states, highlighting that these kinds of attacks have been catastrophic, particularly in 2017 alone.
According to the report, global ransomware damage costs is projected to reach $5 billion in 2017, up from $325 million in 2015 and representing an increase of roughly 1439 percent in just two years.
The report continues, indicating those costs include: damage and destruction–or loss–of data, downtime, loss productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training to respond to the attacks.
As it stands, the WannaCry attack from May is still the biggest one to hit this year, although ransomware attacks are still trending in an upward position–particularly following NotPetya in June and Bad Rabbit in October.
“The WannaCry ransomware attack is the largest we’ve ever seen of its kind, demonstrating in real time that ransomware continues to escalate as a global problem and a lucrative business for cyber criminals,” Mike Fey, President and COO of Symantec said in the report. Fey continued, stating there was a 36 percent increase in ransomware attacks since 2016 alone.
Alex Heid, chief research officer at SecurityScorecard said that the rise of ransomware attacks can be attributed to the victims paying the conversion rate–which is fairly high, he says– to retrieve the stolen information, and “makes it worthwhile for the attacker, especially when [the attacker] hits a company.”
“Most companies would rather just pay a few thousand dollars and get back the business and risk the loss of revenue from the time it would take to actually fix the problem,” Heid said.
When it comes to retrieving stolen information, bitcoin–and other cryptocurrencies–has become a popular method for hackers to demand in exchange of the information. When asked about if someone doesn’t have bitcoin or a cryptocurrency to pay in order to get their information back to them, Heid said hackers will often provide instructions on how to get bitcoin, and provide a list of bitcoin exchanges.
“Some of them are legitimate exchangers, some of them are underground bitcoin exchangers that are on in the whole operation, so they’ll sell the bitcoin at a significant markup,” he said.
Heid added that often what will happen is the person attempting to retrieve the stolen information will become “quite familiar” with either bitcoin or cryptocurrencies by the end of the process, or “hire someone who’s good at computers.”
That being said, Steve Morgan, founder and editor-in-chief of Cybersecurity Ventures cautions ransomware victims from paying the fee to retrieve information.
“Cybersecurity industry experts and law enforcement officials have been advising organizations not to pay ransoms,” Morgan said in the Ransomware Damage report. “While the percentage of ransom victims who pay bitcoin to hackers in hopes of reclaiming their data appears to be on the decline, the total damage costs in connection to ransomware attacks is skyrocketing. We believe ransom payouts are the least of all damage cost contributors.”
In an interview with the Investing News Network (INN), Tal Vegvizer, director research and development at BUFFERZONE, said one way to prepare for ransomware attacks in the future is to be less exposed to external resources.
“[Ransomware] can come from a downloaded file, like PDF [and] it can come from a malicious website,” he said. “Everything is exposed to external resources, so the way to prevent and lower the risk is to add a level of security that will guard you.”
Some of those preventative measures, according to Itay Glick, CEO of Votiro, include not using default passwords and setting up two-factor authentication, which requires not only a password and username something that only the user has on them, such as a cell phone, or a piece of information only they should know.
Of course, there’s more to taking preventative measures than just that: according to the Ransomware Damage report, training employees on how to recognize and defend cyberattacks is key, and ensuring there’s a strong cybersecurity culture within a company.
“Periodic updates and enhancements to existing cyber hygiene practices can drive more awareness resulting in a more educated work force dedicated to healthy cyber practices,” Rich Baich, chief information officer at Wells Fargo said in the report.
Blockchain and cryptocurrencies, too, will play integral roles in ransomware’s future, Heid said. As mentioned, while hackers will ask for a cryptocurrency to to retrieve stolen information, Heid said blockchain can assist people looking for the hackers “if it was used wrong” due to its decentralized nature.
“It can be quite helpful if the [hacker] didn’t use it right,” Heid said.
All told, it’s certainly a team effort when it comes to businesses protecting against ransomware attacks–to that end, here’s a list of 10 top cybersecurity companies making it easier to prevent cyberattacks from happening.