4 Tips on Ransomware
Ransomware is arguably the biggest threat on the internet these days. In the first quarter of 2017, one of the take-aways was that Cerber ransomware dethroned Locky for #1 ransomware menace. Here are four facts about ransomware that everyone should know.
Cerber ransomware rises in first quarter 2017. Cerber ransomware arrived on the scene in March 2016 and immediately made a big impact on businesses. One year later, Cerber constitutes 90% of Windows ransomware — which is a big deal since 60% of all malware attacks on Windows are ransomware attacks. By the first quarter of 2017, this new family of ransomware had displaced Locky as the internet’s #1 ransomware menace. Poor Locky only has a 2% share now which is, to a large extent, due to its pulling up stakes in the game.
Why — up to now — ransomware is short-lived. Cyber criminals become more and more professional every day. As professionals, they must innovate or give way to newer models. Cerber became the leader so quickly in 2016 because it provided Ransomware-as-a-Service to other cyber criminals who lease the rights to use Cerber — and to customize Cerber to their needs — in exchange for a cut of the profits. Another feature in its meteoric rise is that Cerber spreads by using spam networks to send out large spam campaigns or major exploit kits. (An exploit kit is software that runs on web servers in order to identify vulnerabilities on the computers it talks to and then downloads malicious code to those computers.)
Cerber is popular with hackers because the creators release frequent upgrades, with exciting new features and tools to avoid detection by cybersecurity. One of its newer features has the threat read its ransom demand to the victim using text to speech technology.
Impact of ransomware on businesses. The average dollar amount demanded by ransomware in 2016 was US$679 which was an increase over 2015’s average demand of US$294, according to ISTR Special Report: Ransomware and Businesses 2016. Symantec says it is impossible to accurately determine how much ransom money businesses paid to cyber criminals because the victims seldom announce how much they paid. In addition, payments aren’t in US dollars. Payments are generally in cryptocurrency, which have unique identifiers for each wallet and, therefore, remain hard to trace.
The FBI reports, however, aptly illustrate the scale of the problem. The FBI says that it received 2,400 reports of ransomware in
2015 to the tune of reported losses of more than US$24 million. That’s an increase over 2014 when 1,800 reports of ransomware netted about $US23 million. It’s a lucrative crime business because many victims are willing to pay the ransom, believing they have no other choice.
Additional expenses as the result of a ransomware attack. The ransom paid is just the tip of the expenses resulting from a ransomware attack. Legal fees may incur if customers lose sensitive financial information and sue the business. Organizations often have to completely shut down the network which results in downtime expenses. Financial expenses for specialized cyber support increase during and after the attack. Last, but not least, the loss of data in files destroyed or encrypted has a definite impact on the company’s reputation, its brand, and its finances. Perhaps, even more significant, in a hospital or physician setting, the potential for loss of life from inaccessible medical records or even critical medical equipment form the long-term effects of a ransomware attack.
The latest wrinkle in ransomware is the offer of free decryption for your files if you help infect another company’s files with ransomware. To learn about how ransomware raises ethical questions for businesses, read inc.com’s article entitled “Would You Infect Someone Else With Ransomware To Save Your Own Files?”