One of the most popular cybersecurity predictions for 2016 was the rise in ransomware attacks. In the spring, I reported how accurate that ransomware prediction appeared to be after first quarter findings. Now as the year winds down, we have a much better idea of how damaging ransomware has been.
A new study from SentinelOne found that one half of American companies were the victims of a ransomware attack in the last 12 months. That number drops slightly, from 50 percent to 48 percent, if you look at ransomware on a more global level; the UK skewed the numbers considerably, coming in at 39 percent, while the other countries in the survey, France and Germany, were closer to the U.S. numbers. IT staff then lost nearly a full work week – 33 hours – to restoring the encrypted data from backup files.
How are attackers spreading ransomware into your system? The vast majority, 83 percent, gained access to your data through phishing emails or malicious social media links, while 50 percent of attacks were via drive-by downloads.
The number of attacks that come via phishing shouldn’t surprise anyone, especially as we’re seeing an uptick of ransomware embedded into these email messages. According to PhishMe’s Third Quarter Report, more than 97 percent of the phishing email sent included ransomware. There is also one particular strain of ransomware being shared, as eSecurity Planet reported:
Locky ransomware executables were the most commonly-identified file type in the third quarter, PhishMe found. "Locky will be remembered alongside 2013's CryptoLocker as a top-tier ransomware tool that fundamentally alterered the way security professionals view the threat landscape," PhishMe CTO and co-founder Aaron Higbee said in a statement. "Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties."
With so many ransomware attacks and the increased focus by cybercriminals to spread ransomware, IT and security professionals are feeling a bit overwhelmed. The SentinelOne study found that 36 percent of security pros feel helpless against preventing ransomware attacks. And, like all security threats, ransomware continues to become more difficult to detect or defend. Fast Company reported that we should expect new strains of ransomware to not only encrypt our data, but possibly share it in public forums:
Instead of simply encoding files so that users can’t access them, some blackmailers armed with a new kind of malware called doxware are threatening to leak potentially sensitive files to the public if a ransom isn’t paid, says Chris Ensey, COO of Dunbar Security Solutions.
I expect 2016 to be known as the Year of Ransomware, which I believe is a sentiment shared by Jeremiah Grossman, chief of security strategy at SentinelOne, who also said in a formal statement:
Ransomware has become one of the most successful forms of cybercrime in 2016 and is on the top of every security professional’s list of most prolific threats. We don’t expect the ransomware epidemic to slow down anytime soon. The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba