What is ransomware, and why it is so damaging for businesses?

Ransomware is a type of malware that aims to extort money from companies by disrupting their activities. The most widespread type of ransomware targets data and renders information or computer systems unusable until a ransom is paid. When business-critical information gets locked up, most businesses seriously consider paying ransoms to recover it. In many cases, however, paying a ransom does not guarantee that the files will be recovered. Cyber attackers take advantage of the availability of anonymous cyber currencies, like Bitcoin, to monetize ransomware attacks. Read more about how ransomware developed over time.

How is ransomware different from common malware?

The first thing that differentiates ransomware from generic malware is that it is tough to detect. Why? The answer is simple. It does not behave like malware, although its payloads cause a lot of damage. When accessing files, ransomware mimics user behavior very well. It does not usually attempt to replicate to other machines. Instead, it tries to destroy available network files. It grows smarter by developing ways to hide and eluding common detection techniques. It does not perform suspicious memory operations, and it can run on a machine for hours before it is detected as someone tries to access compromised files. Second, ransomware attacks are easier to carry out because of online ransomware platforms available in the TOR anonymity network (read more here). Virtually anybody can launch a ransomware attack without knowing much about coding, and they can monetize this activity using untraceable virtual currencies, such as Bitcoin.

These differences lead to significantly higher numbers of successful infections and far more new variants compared to other malware.

“There were between 2M and 3M successful #ransomware attacks in 2016, and the frequency will double year over year through 2019.”

Click to Tweet!

(Source: Gartner: Predicts 2017: Business Continuity Management and IT Service Continuity Management)

What cost do companies pay if they fall victim to ransomware?

Well, it can be hundreds to thousands of dollars, depending on the victim’s location and company profile. According to a study by IBM, 70% of all businesses attacked by ransomware paid to recover their files. Half paid over $10,000, while 20% paid over $40,000. In addition to this money, each incident came with several days of downtime, which comes with its own separate costs.

The easiest way to understand the damage ransomware can do is to think about downtime. When it comes down to it, holding data or systems hostage leads to downtime and an inability to perform business activities. How much time can you afford to be unable to do your stuff? Add to that the effort it takes to recover the latest version of your lost files, assess your up-to-date status, and re-do all the work that’s missing. Then consider the cost of data exfiltration, which may happen during a ransomware attack. Evaluating this aspect may involve investigation activities that take up time and money. In addition, such incidents affect your brand, your company image, and your customers’ and partners’ confidence, costs that are difficult to estimate in the long run.

Notable examples:

CryptoWall was the first ransomware to include advanced obfuscation techniques designed to render the malicious payload undetectable by security software. It made over $100M in ransom.

Locky was one of the most prolific ransomwares. It made over $200M in ransom over a relatively short period.

How can you protect against ransomware?

Ransomware is the most critical cybersecurity threat today, and it deserves all the attention it can get. The cost of preventing a ransomware attack significantly exceeds the cost of recovering from one, while the already-high risk of ransomware infection keeps growing. Ransomware protection involves combining employee awareness training with a multilayered approach to security consisting of security solutions specifically designed to protect your files from ransomware.

Follow us on Twitter and subscribe to our newsletter to stay abreast of the latest on ransomware and protect yourself against it.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply