The good news: Ransomware attacks against consumers are descreasing. The bad news: Enterprise ransomware attacks are on the rise.
Although the internet remains a dangerous place with its ever-present malware threats, ransomware has recently seen a sharp decline--for consumers, that is. A recent report from Malwarebytes found that ransomware targeting consumers has seen a sharp decline and consumer-oriented crypto miners have almost completely vanished. The bad news, however, is that this same report found that malware attacks against businesses have increased sharply during this same period. The rate of detections within businesses rose from 2.8 million in the first quarter of 2018 to 9.5 million in the first quarter of 2019. That’s nearly a 340% increase in detections. The question is why.
The rise in ransomware attacks targeted toward businesses, especially enterprises, can likely be attributed to two major factors.
The first of these factors is the Bitcoin price crash. For a period of time, the ransomware infection rate had decreased as malware authors turned their attention to cryptomining. It was presumably easier and more lucrative for malware authors to steal Bitcoin and other cryptocurrencies than to try to extort a ransom. However, Bitcoin hit its peak value of nearly $20,000 in December 2017. Although Bitcoin has seen a bit of a comeback recently, with current prices in excess of $9,000, this increase in value is very recent. At the beginning of 2019, Bitcoin prices were less than $4,000, which is only about 20% of its peak value.
Between the Bitcoin price crash of 2018 and the fact that security professionals began putting a lot more effort into cryptomining prevention, it was almost inevitable that malware authors would begin to focus less on creating cryptominers and go back to their original cash cow, ransomware.
The other factor that has almost certainly played a major role of the increase in ransomware targeting the enterprise is the emboldening of ransomware authors.
The infamous WannaCry attack proved beyond a shadow of a doubt that a ransomware attack could be wildly effective on a grand scale. Although healthcare companies received the bulk of the media attention following the WannaCry outbreak, the damage was by no means limited to the healthcare industry. Apple chip maker TSMC had to temporarily halt its manufacturing operations following a massive WannaCry infection. Total losses from the incident were estimated to have exceeded $250 million.
In many ways, WannaCry was a game changer. It was the first of the really large-scale ransomware attacks that were designed to inflict massive financial damage on businesses. After having witnessed WannaCry’s effectiveness, it was only a matter of time before other malware authors began to create similarly devastating ransomware.
One of the best examples of this is the NotPetya attack, which also occurred in 2017. According to some estimates, the worldwide losses from NotPetya were about $10 billion. Among those harmed by the attack were FedEx, which suffered a $400 million loss, and Merck, which lost $870 million. Saint-Gobain, a French construction company, was reported to have suffered $384 million in the attack.
Admittedly, these losses do not correlate directly to ransoms paid. Included in the losses are things like lost sales, data recovery efforts and the cost of improving cyber defenses. Even so, these costs clearly demonstrate to ransomware authors the value of enterprise data, and the willingness of enterprise-class organizations to spend massive amounts of money to recover and protect that data.
Ransomware authors know that they stand a good chance of getting paid if they can make it easier and less costly for a business to pay the ransom than to suffer an outage or undergo an extensive recovery effort. Perhaps more importantly, ransomware authors know that there is a high probability of businesses paying the ransom. A 2016 IBM study found that 70% of businesses that have been infected with ransomware have paid the ransom in an effort to regain access to their data. The study also found that depending on the data type, 25% of business executives said that they would be willing to pay between $20,000 and $50,000 to get their data back.
With global ransomware projected to generate global revenues of at least a billion dollars this year, ransomware authors are going to keep targeting businesses for the foreseeable future. It is therefore imperative for businesses to implement available safeguards, create regular data backups and educate employees on how best to avoid triggering a ransomware infection.