If the news about ransomware in recent weeks hasn’t gotten your attention, then maybe the fact that its threat magnitude has grown 35X over the past year will jolt you into a state of awareness. Further, ransomware isn’t a threat confined to just a few industries or geographical regions; it is a global problem facing organizations—and even individuals—of all shapes and sizes.
Upwards of 4,000 ransomware attacks happen daily, infecting between 30,000 and 50,000 devices each month. The financial implications are skyrocketing. Ransom payments shot up from $24 million in 2015 to over $850 million in 2016, a number that most certainly will surpass $1 billion this year. The amount that criminals are demanding per attack is going up as well—more than doubling from $294 in 2015 to $619 in 2016.
Yet, the biggest threat from ransomware isn’t in the payment demands. It’s in the business impact. An astounding 20 percent of companies that have experienced a ransomware attack were forced to shut down their businesses. 63 percent of organizations indicate attacks led to business-threatening downtime. 48 percent said it resulted in the loss of data or hardware. And for those who acquiesced and paid ransom demands (42 percent of those affected admit they did so last year), one in four still never recovered their data. Additionally, with attacks increasingly targeting critical industrial control systems and healthcare infrastructures and devices, 3.5 percent indicated last year that lives were put at risk because of an attack. These are some scary numbers.
The linchpin for most ransomware attacks today is data. As companies digitize more of their assets, transition to a consumer-driven digital business model, and move more services to the cloud, the data target expands in scope. This has clearly not gone unnoticed, as cybercriminals are increasingly targeting this data. They infiltrate IT systems through hacks and then encrypt, lock, and exfiltrate files. They shut down operations and/or threaten to release private and confidential information. And with the emergence of Internet of Things (IoT), ransomware criminals are targeting control systems used for everything from vehicles to manufacturing assembly lines to power systems. Are you thinking ransomware is only something large enterprises should worry about? If so, you’re wrong. Because small businesses often operate without the proper data protections in place, bad actors see them as a prime target and are increasingly turning towards them for attacks. The financial impact is huge. Downtime caused by ransomware costs small businesses $8,500 an hour—or $75 billion annually!
The ransomware “bar” for cybercriminals is getting lower and lower. They no longer need to be experts in hacking and technology, but rather can easily and quickly acquire the tools needed to initiate attacks. The following are the most prevalent ways:
The threats posed by ransomware are real, and they continue to grow in scope and velocity. In a recent white paper, Fortinet outlined five things that organizations can do to thwart attacks:
Download our guide to learn more about how to stop ransomware and what to do to ensure adequate protections across the entire attack surface.