Back in 2018, some cybersecurity vendors were reporting that cryptomining malware had infected organizations roughly 10 times more than ransomware. But since then, ransomware has climbed back to the top of the cybercrime landscape. Europol named ransomware as the top cyber threat organizations faced in 2019. And its impact is increasing:
“Even though law enforcement has witnessed a decline in the overall volume of ransomware attacks, those that do take place are more targeted, more profitable and cause greater economic damage. As long as ransomware provides relatively easy income for cybercriminals and continues to cause significant damage and financial losses, it is likely to remain the top cybercrime threat.”
Putting the Dominance of Ransomware into Perspective
Targeted attacks aren’t the only factor behind the ongoing prevalence of ransomware. Several other forces are also at play. Here are just a few of them.
The Rising Costs of Ransomware Infections
Higher ransomware amounts are common. A 2020 report indicated the average cost to recover from a ransomware attack more than doubled from $41,198 to a staggering $84,116. The Wall Street Journal reported that claims managers at cyber insurance providers regularly deal with ransom demands that exceed $1 million.
Ransom payments aren’t the only cost associated with ransomware. The same report found that downtime resulting from a successful ransomware infection increased from 9.6 days in Q2 2019 to 12.1 days in Q3 2019 to 16.2 days in Q4 2019. And if your organization falls victim to especially insidious ransomware attacks like Ryuk, where key assets like domain controllers and databases are targeted, recovery time and effort may be substantially longer.
Diverse Industries Impacted
Healthcare is one of the industries most targeted by cybercriminals. In its review of ransomware activity between Q1 and Q3 2019, for instance, one vendor reported counting about 500 ransomware attacks that targeted healthcare organizations — approximately 80 percent of the total number of campaigns observed.
But ransomware actors have other industries in their sights as well. A substantial number of U.S. cities and towns were the target of attacks between January and September 2019. In fact, nearly two-thirds of ransomware attacks for the first half of the year targeted local, county, and state government entities including schools, libraries, and courts.
These attacks have sometimes come with a significant price tag for affected governments. For example, WIRED wrote that the City of Atlanta spent at least $2.6 million recovering from a ransomware attack that occurred back in 2018. Meanwhile, the Baltimore Sun reported that the total cost of a recent ransomware attack against the city was expected to exceed $18 million.
The Ease of Setting up a Ransomware Campaign
Another reason why ransomware is still popular is that it’s extremely easy for cybercriminals to set up ransomware campaigns. The popularity of these attacks reflects a growing underground marketplace in which novice criminals can buy a subscription to use a malware author’s ransomware and keep a share of the ransom payments. To help bad actors use their products, many RaaS organizers even offer ticketing systems and step-by-step instructions to provide support to buyers.
How Organizations Can Protect Themselves
Ransomware is often spread through websites or drive-by downloads to infect an endpoint and penetrate the network. In an ideal world, organizations would be able to block ransomware at the perimeter using firewalls and antivirus software. But this grows increasingly difficult as cyber criminals use tools such as packers, polymorphism, and encryption to evade detection.
It’s clear now that organizations that have relied solely on prevention to stop threats like these are falling victim to attacks. Instead, detection and response technology is a more effective strategy, especially if it combines several technologies into a single platform.
NSX Network Detection and Response is an NDR platform that uses a combination of Network Traffic Analysis (NTA), Intrusion Detection and Prevention Systems (IDPS), and Advanced Threat Analysis to detect and contain the delivery of ransomware before it cripples an organization’s assets:
NTA | IDPS | Advanced Threat Analysis |
● Provides anomaly detection of certificates when traffic is encrypted
● Uses artificial intelligence and machine learning to detect beaconing, anomalous internal file transfers, and unusual traffic patterns |
● Detects Command and Control (C&C) traffic
● Uses threat intelligence to identify malicious IPs, domains, etc. |
● Dynamically analyzes file behaviors
● Uses artificial intelligence to detect malicious code |
Learn how you can use the power of NSX Network Detection and Response to defend your assets and data against a ransomware attack.