Business Security

Ransomware: A billion-dollar problem

Business IT Research, 9 January 2017

Ransomware — malware that locks you out of your device, applications, or data — is a growing threat, but it can be dealt with using security best practices.

The use of ransomware against businesses is soaring, with incident response teams having to deal with up to 4 attacks weekly. Originally ransomware was aimed primarily at individuals, but it is now being targeted at businesses, too, with annual costs to small and medium companies of at least $75 billion in expenses and lost productivity.

The technique has become so popular that 93 percent of phishing emails are now ransomware. Phishing is another escalating threat with 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015. 

The Federal Trade Commission calls ransomware extortion one of the biggest cyberthreats today. "The spate of ransomware incidents are escalating at an alarming rate," said FTC Chair Edith Ramirez, citing an estimate from the Department of Justice that incidents of ransomware, now averaging some 4,000 a day, have increased 300 percent in the past year. 

In a recent public service announcement, the FBI stated that ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and, in some cases, permanent loss of valuable data. "Within the first weeks of its release, one particular ransomware variant compromised an estimated 100,000 computers a day." The FBI reported more than 2,400 ransomware complaints in 2015 and losses in excess of $24 million. The first three months of 2016 saw almost a tenfold increase in losses — $209 million  and could surpass $1 billion for the year. That’s only the reported data: another survey indicates that the number represents less than 25 percent of total ransomware attacks. A recent survey of 1,100 IT professionals found that nearly 92 percent had clients that suffered ransomware attacks in the last year, including 40 percent whose clients had sustained at least six attacks.

Ransomware steals more than money

In addition to the ransom  which doesn’t mean you will regain access to your systems and/or data, or that another attack won’t immediately follow  the costs associated with ransomware attacks and business interruption losses have a number of implications. These include:

  • Corporate loss of business income/services (36 percent)
  • Personal identity information/PII (25 percent)
  • Personal financial identity/PFI (17 percent)
  • Corporate loss of digital assets (16 percent)
  • Corporate loss of financial assets (3 percent)
  • Personal health information/PHI (3 percent)

Industries at risk from ransomware

There are a variety of surveys available as to which industry segment is most at risk, but they all show that the risks are significant. One recent study reported the education sector as the biggest target:

  • Education sector (13 percent) 
  • Government (5.9 percent)
  • Healthcare (3.5 percent)
  • Energy/utitilies (3.4 percent)
  • Retail (3.2 percent)
  • Finance (1.5 percent)

Another survey found that goverment (23 percent) was the most frequently targeted industry segment, followed by business services (18 percent)  and finance and insurance institutions (13 percent). 

Malware and hacking have evolved from a hobby or act of rebellion to a lucrative business, with cybercriminals collaborating, sharing best practices and tools to steal your money, with ransomware being one of the latest techniques. Its popularity is growing because it achieves significant gains for the bad guys, an estimated $1 billion in 2016. But as with all malware attacks, it can be significantly reduced, if not eliminated, by practicing the basic rules of safe computing.

As always, the weakest links in your cybersecurity defenses are your users, so make sure they are aware of the significance and provided with the appropriate training and guidelines. Ransomware is a serious and growing problem, but it need not be so for you.

How to protect your business from ransomware 

  • Don’t open suspicious attachments (e.g. zipped .js, .wsf, or .vbs files)
  • Disable Microsoft Office macros by default and never enable macros in strange/unknown attachments that you receive via email
  • Keep recent backup copies of important data in a secure place online or offline
  • Ensure that your system and applications are fully updated and patched

If you find ransomware on your device, make use of your antivirus software's ransomware removal tool, which should scan for and wipe out any ransomware attempts found. 

Free Ransomware Decryption Tools

Avast has tools to help you recover encrypted files if your computer has been infected with one of the following ransomware strains:

  • Alcatraz Locker
  • Apocalypse
  • BadBlock
  • Bart
  • Crypt888
  • CrySiS
  • Globe
  • Legion
  • NoobCrypt
  • SZFLocker
  • TeslaCrypt

All these tools are free and, when possible, updated as these strains evolve.