In 2019, experts predicted that a business would fall prey to ransomware every 14 seconds, and that by 2021 the interval would shrink further to 11 seconds. Global ransomware damage costs are expected to reach $20 billion by then.
The good news is that technology is shifting at a rapid pace and systems are getting more sophisticated. The bad news is that ransomware attacks are too. As the underlying technology gets more complex, we face new cybersecurity challenges that take more time and skill to both prevent and remedy.
The ransomware landscape remained lively throughout 2019 as hackers continued to see value in targeting public bodies, governments, and enterprises.
Multinational manufacturers, as well as U.S. city and county governments, spent at least $176 million in 2019 on costs related to ransomware attacks. This includes the cost of investigating an attack, restoring backups, rebuilding networks, paying the ransom, and putting preventative measures in place to avoid similar occurrences in the future.
Let’s review the top ransomware attacks that plagued enterprises and governments last year:
According to Statista, spam and phishing emails are a leading cause of ransomware infections, followed by a lack of cybersecurity training and weak passwords or access management.
At TEHTRIS, we recorded a parallel increase in attackers exploiting remote security vulnerabilities to gain unauthorized access to their targets without any human interaction, alongside the phishing operations. That access is then converted into a ransomware deployment, anywhere from days to weeks later depending on the attackers' situation: related blog entry.
Moreover, some of these attackers are now extending the damage with data theft: they exfiltrate data so that they can publish it on the Internet if the victim refuses to pay.
2019 saw both spray-and-pray attacks as well as targeted ransomware attacks.
As cybersecurity science matures, with deep learning, synchronized automatic protections and other advances, it is steadily becoming capable of disrupting the commodity ‘spray and pray’ business of malware infections.
This is pushing cybercriminals toward targeted ransomware attacks that rake in millions of dollars. Targeted ransomware is the hard part for cybercriminals, because a targeted operation can’t simply be bought on the dark web: attackers need to get hands-on-keyboard and do some of the work themselves. Sometimes they reuse components available through Ransomware as a Service, but the model shifts from an automated, blind attack to fine jewelry work with manual actions, in order to make bigger ransom demands.
Instead of relying on automation and generic ransomware programs, skilled attackers now research government bodies and enterprises, pick their targets, break into their networks, escalate privileges, disable poorly protected security tools, prepare to encrypt or quietly remove backups, and wait for the right moment to launch a massive internal ransomware infection through lateral movement.
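The preparatory steps in that chain (disabling security tools, removing backups and recovery options) are the ones a defender can still catch before encryption starts, because they leave very recognizable command lines in process-creation logs. The script below is an added example, not part of the original post and not TEHTRIS's own tooling: it parses a handful of constructed process-creation log lines (the log format, host names, user names and command lines are all assumptions made for illustration), classifies each command line into one of the pre-encryption stages described above, and raises a "staging" alert when several distinct stages show up on the same host within a short window, which is what a hands-on-keyboard operator clearing the way for encryption looks like.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pre-encryption stages of the targeted-ransomware playbook, each with
# regexes for well-known Windows command lines used to carry it out.
STAGES = {
    "backup_destruction": [
        re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
        re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
        re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
    ],
    "recovery_disabled": [
        re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
        re.compile(r"bcdedit(\.exe)?.*bootstatuspolicy\s+ignoreallfailures", re.I),
    ],
    "security_tool_disabled": [
        re.compile(r"Set-MpPreference\s+-DisableRealtimeMonitoring\s+\$?true", re.I),
        re.compile(r"\bnet1?(\.exe)?\s+stop\s+\"?(WinDefend|Sense|MsMpSvc)\b", re.I),
        re.compile(r"\bsc(\.exe)?\s+config\s+\S+\s+start=\s*disabled", re.I),
    ],
}

# Constructed sample events (assumed log format, not from any real system).
# The FS01 lines model an operator preparing a file server for encryption;
# the other lines are benign admin activity that must not alert.
SAMPLE_EVENTS = """\
2019-11-03T02:14:07Z host=FS01 user=CORP\\svc_backup cmd=C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet
2019-11-03T02:14:09Z host=FS01 user=CORP\\svc_backup cmd=wbadmin delete catalog -quiet
2019-11-03T02:14:12Z host=FS01 user=CORP\\svc_backup cmd=bcdedit /set {default} recoveryenabled no
2019-11-03T02:15:40Z host=FS01 user=CORP\\svc_backup cmd=powershell.exe -nop -c "Set-MpPreference -DisableRealtimeMonitoring $true"
2019-11-03T09:30:00Z host=WS17 user=CORP\\jdoe cmd=C:\\Windows\\System32\\notepad.exe C:\\Users\\jdoe\\notes.txt
2019-11-03T10:02:13Z host=DC02 user=CORP\\backupadmin cmd=wbadmin start backup -backupTarget:E: -include:C: -quiet
2019-11-03T18:45:00Z host=WS23 user=CORP\\helpdesk cmd=vssadmin list shadows
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$")


def parse_event(line):
    """Parse one log line of the assumed format into a dict, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": m["host"],
        "user": m["user"],
        "cmd": m["cmd"],
    }


def classify(cmd):
    """Return the stage name a command line belongs to, or None if it is not suspicious."""
    for stage, patterns in STAGES.items():
        if any(p.search(cmd) for p in patterns):
            return stage
    return None


def detect(lines, window=timedelta(minutes=30), min_stages=2):
    """Correlate suspicious command lines per host.

    Returns {host: {...}} for every host with at least one hit. 'staging' is True
    when at least `min_stages` distinct stages were seen on that host inside one
    `window`, i.e. an operator is systematically clearing the way for encryption.
    """
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        stage = classify(ev["cmd"])
        if stage:
            hits[ev["host"]].append((ev["ts"], stage, ev["user"]))

    alerts = {}
    for host, events in hits.items():
        events.sort()
        staging = False
        # Sliding window anchored on each hit: distinct stages within `window` of it.
        for i, (t0, _, _) in enumerate(events):
            stages_in_window = {s for t, s, _ in events[i:] if t - t0 <= window}
            if len(stages_in_window) >= min_stages:
                staging = True
                break
        alerts[host] = {
            "stages": sorted({s for _, s, _ in events}),
            "users": sorted({u for _, _, u in events}),
            "first": events[0][0],
            "last": events[-1][0],
            "staging": staging,
        }
    return alerts


if __name__ == "__main__":
    for host, alert in detect(SAMPLE_EVENTS.splitlines()).items():
        level = "STAGING" if alert["staging"] else "suspicious"
        print(f"{level}: {host} {alert['first']} -> {alert['last']} "
              f"stages={alert['stages']} users={alert['users']}")
```

The patterns are deliberately narrow (a `vssadmin list shadows` or a legitimate `wbadmin start backup` does not fire), and the window correlation is what turns a noisy single-command rule into something worth paging on: one shadow-copy deletion can be an admin, three different stages on one host in two minutes rarely is.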
Because these cybercriminals invest so much time and effort in the process, they expect high rewards and demand a hefty ransom. Successful targeted ransomware attacks bring massive paydays (as much as $50,000 per attack), so these threats are here to stay!
It’s nearly impossible for an organization to keep itself off a targeted attacker’s list, short of disconnecting from the internet completely, and even then it’s not certain.
But, there are a few things organizations can do to mitigate the risk:
Cyber insurance is a potentially massive yet untapped opportunity for insurers and reinsurers. According to PwC, annual gross written premiums are set to grow from $2.5 billion today to $7.5 billion by the end of 2020.
Companies can no longer afford to remain on the sidelines of cyber insurance. Cybercrimes are getting costlier, harder to detect, and increasingly difficult to combat.
As businesses prepare to address cyber risks, the cyber insurance market could grow to a whopping $20 billion by 2025. According to a recent survey, 47 percent of respondents now have cyber insurance, up from only 35 percent in 2017.
The volatile and dynamic cybercrime market is prompting companies to look for ways to reduce the risk to their business. So much so that 71 percent of insurance CEOs and 61 percent of business leaders see cyber-attacks as a potential threat to growth, ranking them ahead of shifts in consumer behavior and the speed of technological change.
We have also recently recorded a small number of cases where insurers decided to pay the ransom so that the targets could get their data back. This means an indirect business is being organized between cybercriminals and their targets, allowing attackers to reinject this dark money into their illegal innovations and … strike again. Harder, Better, Faster, Stronger.
As the trend grows and cyberattacks such as ransomware invasions become both more frequent and severe, companies will look for cyber insurance products to mitigate the financial impact of such threats.
The implications of these trends for security professionals and enterprises are clear. It’s now time to move from a strictly defensive posture concerning ransomware to a more offensive strategy. Organizations need to become more proactive in finding and fixing the vulnerabilities that ransomware operators exploit, and should add a real layer of effective detection and response.
As big as the ransomware landscape was in 2019, we don’t expect it to abate this new year. Extortion through ransomware is profitable for cybercriminals and they will keep on doing it.
In 2020, adversaries are likely to target traditional, weaker environments that lack backup and restore procedures. Organizations will keep falling victim to targeted attacks for as long as they agree to pay.
If you are looking for a reliable cybersecurity firm to assist you in preparing for these threats, let’s get in touch!