I didn’t get to attend security conference Black Hat this year, but based on the highlights I’ve been seeing, ransomware is a major topic. I’m not surprised (and I’m sure my readers aren’t, either). As ComputerWeekly pointed out, ransomware is the security concern of the summer. I’d say it is the security issue of 2016. It seems like every security discussion begins or ends with ransomware. So I’ve rounded up some of the findings about ransomware that were disclosed this past week.
According to PhishMe’s Q2 malware report, ransomware made up half of all malware and, in fact, ransomware has developed into a real business for cybercriminals. There has been a significant rise in encryption malware and in evasion techniques, according to the study. As PhishMe CEO and co-founder Rohyt Belani was quoted by eSecurity Planet:
Barely a year ago, ransomware was a concerning trend on the rise. Now, ransomware is a fully established business model and a reliable profit engine for cybercriminals, as threat actors involved treat it as a legitimate industry by selling information, tools and resources to peers based all around the world.
Meanwhile, a Malwarebytes study revealed that 40 percent of enterprises had been hit with ransomware in the past year, with many of those companies losing revenue because of the attack and a whopping 20 percent saying that they had to shut down operations altogether. But here is a stat that really surprised me: Only 3 percent of American companies have paid the ransom, compared to 75 percent of Canadian companies and 58 percent of businesses in the UK. CSO explained a possible reason for this lack of ransomware payment:
This is partly due to the fact that, in the United States, the attacks were much more likely to hit lower-level employees. In the U.S., enterprises reported that 71 percent of lower-level staff were affected, compared to 29 percent in the U.K., 23 percent in Canada, and 14 percent in Germany. In addition, U.S. infections were less likely to spread to other computers.
I want to note one more study (although, I think I could write a book about ransomware discoveries at this point). CyberArk tested 23,000 real-world samples from common ransomware families in order to investigate ransomware behavior. Analyzing this behavior, according to Chen Bitan, general manager with CyberArk, will allow security professionals to better protect themselves from future attacks. He added in a formal statement:
Ransomware has emerged as a credible and opportunistic tactic for attackers, leaving infected organizations with the difficult choice of abandoning hijacked data or paying cybercriminals for the chance to retrieve their files. Moving beyond traditional anti-virus solutions, which are not effective in blocking ransomware, and adopting a proactive approach to endpoint and server security is an important step in protecting against this fast-moving and morphing malware.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba