Keyboard with the word "Ransomware" on it.

Ransomware has been around for a long time, but the new and improved ransomware attacks are more sophisticated and more far-reaching than ever before. These types of attacks do not only have crippling effects on financial institutions, but they can now impact any consumer’s daily life. Each year experts try to predict cybersecurity trends, and gently sound the alarm to businesses and organizations. But now the sirens are blaring because they are seeing some of their worst fears come true as ransomware has become the method of choice for hackers with the capacity to literally stop all of us in our tracks.

Ransomware is a type of malware that infects a user’s computer by encrypting all the data on the computer, making it impossible for the user to access. In order for the information to be decrypted the hacker demands a ransom, usually monetary, by way of bitcoin since it is harder to trace who the receiver of the funds are. In the beginning of 2016, hackers made over 209 million dollars within the first three months of the year. Today, according to Cybersecurity Ventures, one of the world’s leading researcher for cybersecurity facts, figures, and statistics, it is predicted that ransomware attacks will cost 6 trillion dollars worldwide in 2021, and by 2025 that number will grow to 10.5 trillion dollars. These numbers are devastating, especially when a recent survey done by Sophos, a worldwide leader in next-generation cybersecurity, found that only 8% of organizations managed to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.

In that same study, they found that ransomware attacks fell from 51% to 37% in 2020. Good news, but also troubling. What that number indicates is a different strategy is being deployed by cybercriminals. They have become emboldened by the ease of deploying a ransomware attack on victims. These types of malware are not complex, are very inexpensive, and are deployed via phishing attacks most of the time. They have now narrowed their attacks to a more targeted assault that cripples entire sectors, states and even countries, simultaneously. What we all recently witnessed with the Colonial Pipeline attack is the power of bad actors to move beyond trying to just gain money, but the power to disrupt a country’s economy and cause chaos in the lives of citizens. Cybercriminals having the ability to infiltrate not only the financial sector but also power grids, schools and hospitals, is extremely alarming since these institutions are the very foundation of our society.

The techniques for ransomware have increasingly become more aggressive and by upping the ante, attackers believe they are more inclined to get what they want. For example, hackers are now demanding ransom but also adding conditions to their request; for example, if the requested ransom is not received in a timely manner, they will permanently delete files every hour they have to wait for the funds. But now instead of just files, they are able to stop the production of crucial resources that are required for businesses and its customers. This provides a sense of urgency and making a victim more reluctant to contact officials right away since time is of the essence. Deleting crucial data could be devastating to a company financially, but more so can result in loss of life if such attacks are geared towards hospitals or other entities that provide public health to communities. Another threat would be to expose sensitive data to the public such as credit card information, social security numbers or trade secrets of an organization. This, too, will also have a negative impact on a company setting them up for lawsuits, loss of business and loss of trust from consumers.

The creators of ransomwares invest lots of money to fight against antivirus and antimalware protection that so many depend on. These cybercriminals want to be able to fly below the radar and produce a resistant code that will not be detected by malware protection software. They also continue to invest in ways to create encryptions that will be impossible to be decrypted. They also have no interest in playing fair. As mentioned before, what we have seen is despite paying the ransom, many companies never receive all their data back or recoup all their funds paid out.

All organizations should have a plan in place to deal with such attacks:

  • A layered protection approach should be deployed on networks.
  • All data should be backed up using different medias and have an offline option.
  • Organizations should continue to train employees about the pitfalls of opening sketchy emails and links.
  • And always consult with law enforcement before paying any ransom to a cybercriminal. Paying a ransom never guarantees a release of data.

Just because all attacks don’t make headline news does not mean it is not happening daily. This year it is predicted there will be a ransomware attack on businesses every 11 seconds. That is up from 2016 which was approximately every 40 seconds. Ransomware is no longer an anomaly; it is part of all of our lives.