We’ve heard some terrifying stories throughout history when it comes to kidnappings and physical attacks demanding ransom. Criminals once made fortunes abducting people in exchange for quick, large paydays if all went as planned. Unfortunately, criminals who use these tactics know that when it comes to loved ones, people are willing to go to great lengths to protect them.
Today, cyber attackers have taken this horrible phenomenon to new heights. From the comfort of their homes, without any physical contact, they can launch virtual kidnappings of valuable digital assets and hold them hostage in exchange for money. Of course, “digital-napping” cannot compare to the personal agony of a threatened life that comes with traditional kidnapping. However, as technology integrates more deeply with physical systems, the overlap between cybersecurity and safety inherently increases the potential impact of cyber-attacks on human wellbeing. For example, holding hospital systems hostage or shutting down an electrical grid for ransom can ultimately lead to similarly life-threatening circumstances.
This isn’t new. The attack method first surfaced in the late 1980s, has grown significantly over the last three decades, and doesn’t appear to be letting up anytime soon. Here are a few reasons why ransomware is still a danger to companies in 2020:
“Ransomware-as-a-service” is now a thing.
Ransomware is a common cyber-attack mechanism where, as the name implies, cybercriminals hold valuable assets hostage and demand payment for their safe return. There are many variations of these attacks, but the common goal is usually to extort companies or users for money. For example, an attacker may encrypt all of your data and ask for payment in exchange for the decryption key; without the key, your operations could end up crippled. They may hack into your account, change the password, and replace your password recovery email address with their own so that you no longer have control over the account. They may deface your website and block your access to make changes, damaging your reputation. The methods used to execute these attacks vary based on the target and the skills or resources possessed by the attacker, but the goal is simple: force companies and users to pay for the return of their beloved assets.
There’s an added trend in this space that is a convenience for criminals and a greater challenge for companies: attackers no longer have to spend their time building these attacks themselves. With the increasing popularity of “Ransomware as a Service” providers, attacks are easier than ever to launch and often deliver lucrative payouts, giving cybercriminals no incentive to slow down. CryptoWall, for example, is an attack campaign that generated $320 million in revenue for its operators. These attack services can be purchased on the dark web for under $50 in some cases, and the return on investment can be massive when the attacks succeed.
Numerous industry reports indicate growing trends in ransomware attacks over time.
It’s predicted that global ransomware costs will climb to $11.5 billion by the end of 2019, up from $5 billion in 2017 and just $325 million in 2015. The frequency of attacks continues to increase as well. According to a report on ransomware, these attacks occurred once every 120 seconds in early 2016. By 2017 this had spiked to one attack every 40 seconds. In 2020, the impact is expected to grow even more; some researchers predict an attack every 14 seconds.
Unprepared entities continue to fold and pay the ransom.
Whether dealing with a physical kidnapping or a “digital-napping” ransom case, a common question arises: “Should we pay the ransom?” Generally, the sentiment is no, for several reasons. First, paying doesn’t guarantee you’ll get your data back. Second, if you’re successfully extorted once, expect it to happen again once attackers realize that you are indeed willing to pay. Third, every payment funds the attacker’s next campaign.
Though this is common knowledge, many companies still cave and pay the ransom to get their systems running again as quickly as possible. For a multi-billion-dollar corporation, paying an attacker’s $100,000 demand may be easier than taking the time to fight or negotiate. For smaller companies, $100,000 can be a big deal, which increases the pressure on those entities to be well equipped to prevent and respond to such attacks.
It’s not just the price of the ransom that hurts.
When people think about the cost of a ransomware attack, they may automatically think of the attacker’s asking price. Hopefully, once the ransom is paid, everyone can move on with business as usual, right? Unfortunately, the answer is no. As with most cyber-attacks, the indirect costs often well exceed what’s seen at face value. Other costs associated with ransomware attacks include lost productivity and losses from system downtime. If, for example, a company has a system that generates $100,000 in revenue per hour and it’s down for 5 hours due to a ransomware attack, that’s a half-million-dollar loss on top of the ransom, should you decide to pay.
Additional losses can be incurred from restoration efforts or from data that can’t be recovered; if irrecoverable data has to be recreated, that also adds to the total bill. As with any other attack, there are general costs for digital forensics and investigation, implementing new technologies or changes to prevent future incidents, training employees or consumers in response, and the potential blow to the company’s reputation should the attack be publicized.
In today’s technology environment, “digital-napping,” or ransomware, has become a common and effective method of extortion. For criminals, holding systems hostage is far more scalable and requires less effort than holding people, and it remains a lucrative option as long as companies continue to pay up. For these reasons, ransomware attacks are here to stay in 2020. Companies, large and small, can mitigate the risk of these seemingly inevitable incidents by building robust security programs that incorporate methods for preventing and responding to ransomware attacks, such as regularly tested backups that an attacker on the compromised network cannot reach, prompt patching, and a rehearsed incident response plan.