April 12, 2018 | By David Bisson

A recent data breach investigations study revealed that ransomware was the most prevalent variety of malware in 2017.

According to Verizon’s “2018 Data Breach Investigations Report (DBIR),” security professionals spotted cryptolockers in 39 percent of security incidents that involved malware as an attack variety. This attack type was more prevalent than spyware, banking Trojans and other forms of malicious software over the course of the year.

Ransomware in Review

For the report, Verizon analyzed over 53,000 security incidents, including 2,216 data breaches, submitted from contributors in more than five dozen countries. The goal of the study was to identify trends in those events and inform organizations about the threats they’re up against as they plan their defense strategies.

The researchers ranked ransomware as the fifth-most prevalent action variety with 787 incidents, and noted that malware was utilized as a tactic in 30 percent of security events.

Gabe Bassett, senior information security data scientist at Verizon and co-author of the report, said he tracked ransomware’s growth since it first appeared in the 2013 edition of the DBIR. During that span of time, he witnessed ransomware activity double year over year on at least two separate occasions.

“The reason we’re seeing this incredible prevalence is ransomware is a great value proposition for the attacker,” Bassett told TechRepublic. “They don’t have to do a lot of the complex work. They just drop a piece of malware and then let it run.”

Ransomware activity also grew because of its flexibility, allowing cybercriminals to launch campaigns against targets that are more lucrative than users’ personal devices. In fact, Verizon noted a rise in ransomware operations targeting enterprises’ file systems and databases.

An Industry Perspective

Ransomware was more prevalent in some industries than others. Healthcare came in at the top, with cryptolockers accounting for 85 percent of all malware varieties over the course of the year. The May 2017 outbreak of WannaCry, which claimed 34 percent of the U.K.’s National Health Service (NHS) hospital trusts as victims, according to the U.K. Department of Health and Social Care, likely helped drive up this figure.

But Bassett and his fellow researchers revealed that number might misrepresent the realities of data protection in the healthcare sector. The Verizon report noted that medical organizations are bound by federal regulations to report ransomware attacks as data breaches and not instances of data risk. Therefore, it’s impossible to know whether hospitals and other healthcare centers are more susceptible to ransomware than organizations in other industries or if higher reporting standards are to blame.

The report’s authors advised organizations to take certain steps to protect themselves against data breaches, including implementing two-factor authentication (2FA), patching software vulnerabilities and conducting ongoing security awareness training with employees.
