December 2, 2017 By Carlos Portuguez Murillo

During the last 12 months, we have witnessed the rise of ransomware, with hundreds of thousands of devices infected, countless dollars spent to recover lost files, emergency investments to improve security measures and devastating reputational damage. These factors make ransomware one of the most dangerous cyberthreats to both businesses and individual users.

Alarmingly, this threat is growing. In fact, Symantec uncovered 101 new ransomware families in 2016 and detected 36 percent more infections than the previous year, according to the firm’s “Internet Security Threat Report.” In addition, antivirus tools picked up 846 ransomware infections per day at the beginning of the year, and that figure ballooned to 1,539 per day by the year’s end.

What’s Driving the Rise in Ransomware?

The two main contributors to the rapid growth of this threat are the underground economy and ransomware-as-a-service (RaaS), an emerging trend in which would-be cybercriminals with little to no technical expertise purchase tools and services created by malware developers to launch their own ransomware attacks.

The Symantec report described two factions of cybercriminals: traditional fraudsters who seek to launch massive attacks through phishing campaigns without using exploit kits (EKs) and cybergangs that focus on more sophisticated attacks. Both subscribe to the concept of living off the land, or sharing certain pieces of code or features with other ransomware families. Bad Rabbit, for example, shares elements of its ransom note and propagation technique with NotPetya.

The most popular vehicle for ransomware is phishing, which relies on social engineering more than sophisticated cybercriminal techniques. Emails are distributed by bots and designed to look like a legitimate message from a trusted sender. Another common threat vector is exploit kits, which take advantage of vulnerabilities in outdated or unpatched software to redirect traffic to an exploit kit server hosted on a legitimate website.

The underground economy is typically associated with stolen credit card or other personal information, but the focus has largely shifted to commercial malware. Just like you go to the supermarket to buy your groceries, cybercriminals search the Dark Web for readily packaged, user-friendly ransomware and distributed denial-of-service (DDoS) kits. The increasing availability of these threats to actors who would otherwise lack the skills to carry out a cyberattack foreshadows tremendous consequences for the security community.

Who Is Most Vulnerable?

The truth is that everybody is at risk, but certain industries and companies are more attractive to fraudsters than others. Health care organizations such as hospitals, for example, are particularly vulnerable due to the high value of patient data. When fraudsters lock up historical medical data, health care professionals are unable to render crucial medical services and thus more likely to pay a ransom to recover their stolen data.

Government institutions are also top cybercriminal targets due to the high sensitivity of their data, especially data that relates to critical infrastructure, such as electricity, oil and gas, and transportation. Similarly, the value of legal data, much of which could incriminate or embarrass high-profile clients, puts law firms at risk. The most obvious target, however, is the financial sector, due to the millions of dollars in transactions that occur on banks’ networks daily and the growing popularity — and lagging security — of mobile banking apps.

Why Are Ransomware Attacks So Effective?

There are countless factors contributing to the ever-increasing popularity of ransomware among cybercriminals. Below are six of the most significant.

  1. Willingness to pay ransoms: Many people are willing to pay the ransom to recover their lost files, which makes ransomware a profitable business for fraudsters.
  2. Vulnerable software: Lack of patch management processes that identify critical systems and prioritize patches based on severity leaves software exposed to attacks.
  3. Failure to test disaster recovery and business continuity plans: In case of a cyber incident, it’s crucial to devise a plan to continue operations during the incident response process or, at least, re-establish service as soon as possible after a data breach. Failure to regularly review and test these plans puts organizations at increased risk.
  4. Lack of backup plans: If an organization’s backup and restore strategy is not aligned with its overall disaster recovery and business continuity plans or tested regularly, it may fail unexpectedly when a cyberattack hits.
  5. Lack of security awareness training: An educated employee is the security team’s best ally. By conducting thorough and regular security training, your company will be less exposed to cyberthreats. It doesn’t matter how strong your security infrastructure is if your users fail to follow best practices.
  6. The underground economy: The availability of cybercriminal tools in underground forums and marketplaces puts ransomware in the hands of nontechnical fraudsters who would otherwise lack the know-how to carry out attacks.

To combat this growing threat, users should leverage resources such as No More Ransom, which offers tools and expertise to help ransomware victims recover their files without paying their attackers. Individuals and businesses can also take advantage of the IBM X-Force Exchange for up-to-date threat intelligence, as well as IBM’s Ransomware Response Guide.
