Despite the uptick in ransomware attacks, small and midsize businesses are not taking sufficient measures to combat ransomware. Unfortunately, ransomware is lucrative and hard to trace.
The internet has always been a dangerous place, with its ever-present malware threats. Ransomware has recently seen a sharp decline for consumers, but the bad news is that enterprise ransomware attacks are on the rise.
According to a recent report from Malwarebytes, consumers have seen a sharp decline, and consumer-oriented crypto miners have almost completely vanished. But malware attacks against the enterprise have increased sharply during the same period. The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019, nearly a 340% increase in detections.
The State of ransomware: A rising criminal enterprise
Two major factors can be credited with the rise in ransomware attacks targeting businesses and enterprises.
Factor 1: The Bitcoin price crash. For a period of time, the ransomware infection rate had decreased as malware authors turned their attention to crypto mining. It was seemingly easier and more lucrative for malware authors to steal Bitcoin and other cryptocurrencies than to try to extort a ransom. Bitcoin had hit a peak value of nearly $20,000 in December 2017, and it has seen a bit of a comeback recently with the price hike of $9,000. Between the Bitcoin price crash of 2018 and the fact that security professionals began putting a lot more effort into crypto mining prevention, it was almost inevitable that malware authors would begin to focus less on creating crypto miners and go back to their original cash cow, ransomware.
Factor 2: The other factor that has played a major role in the increase in ransomware targeting the enterprise is the emboldening of ransomware authors.
The infamous WannaCry attack, which appeared suddenly, proved beyond a shadow of a doubt that a ransomware attack can be widely effective on a grand scale. Some healthcare companies received considerable attention from the media and the public despite suffering no harm or damage from WannaCry, but manufacturing companies were thrown into disarray. Apple chipmaker TSMC had to temporarily halt its manufacturing operations, with total estimated losses of more than $250 million.
According to Carbonite Inc., 66% of respondents rate the threat of ransomware as “very serious.” And 13% of those surveyed rate their company’s preparedness to prevent ransomware as “high.”
How are enterprises affected by ransomware?
Ransomware is no longer a distant or unlikely risk. More than half of the companies represented in Carbonite Inc.’s research experienced a ransomware attack. It all started in 2017, which became the year of ransomware. But how exactly are companies affected by ransomware attacks? How devastating are they?
The outcomes are astounding, and at times small and midsize businesses are in no condition to get back on their feet.
One of the worst consequences of a ransomware attack is financial loss. Affected companies experienced an average of four ransomware attacks and paid an average of $2,500 per attack. Cybercriminals tend to demand payment within 48 hours. A lack of preparation and almost no infrastructure leave SMEs exposed to such a threat. For this reason, almost half of the companies paid the demanded ransom within the given deadline.
Beyond the significant financial consequences, enterprises needed to invest in new technologies, and they lost clients, customers and a large amount of money due to downtime. For enterprises, even just one ransomware incident makes a company more vulnerable to future attacks.
According to the Coveware Quarterly Ransomware Report, ransom payments rose 31% in the last quarter, to an average of $234,000. The median ransom payment was $110,532, and the researchers explained that payment costs have increased as hackers increasingly target larger enterprises. Cyber security experts have been alarmed by the convergence of ransomware with data theft and data exfiltration to create an especially pernicious threat.
Over the past year, ransomware variants like Maze and DoppelPaymer have been used to add the threat of data exfiltration to a ransomware attack. If a victim hesitates or delays in paying the demanded ransom, the cybercriminal releases a portion of the data to publicize the exploit and heighten the pressure.
Given the great financial and business hardships, companies are reluctant to report ransomware incidents to law enforcement because of concerns about negative publicity.
Conclusion: How you can stay safe
Before the next generation of ransomware evolves, every enterprise, small or big, should deploy a first line of defense that must accomplish five key things:
- Stop opportunities for lateral movement of ransomware within your network
- Reduce the amount of time an attacker has to operate within your network
- Patch vulnerable internet infrastructure and improve password management
- Regularly monitor for browser infections to identify and remediate threats more quickly
- Split your network into sub-networks to stop, slow and contain self-propagating threats
And always keep the last line of defense, which is backup and recovery. Off-site backups would be your only hope for restoring services without paying a ransom. Make sure the backups are not open to compromise.
“Threat is a mirror of security gaps. Cyber-threat is mainly the reflection of our weaknesses. An accurate vision of digital and behavioral gaps is crucial for a consistent cyber-resilience.”
― Stephane Nappo