Two years ago, the world woke up to a ransomware threat as WannaCry spread around the globe. Within days, the attack hit hospitals, manufacturing plants, and more, grinding operations to a halt as companies struggled to recover their encrypted systems.
Ransomware attacks have only arguably become more intense in the time since. In the past year, we’ve seen city and state government operations crippled for days and critical infrastructure systems targeted. These attacks have not only ground operations for these organizations to a halt, but also — in some cases — put lives at risk.
The cost of ransomware attacks in 2017 was estimated to be around $5 billion. These costs are predicted to rise to $20 billion by 2021. That’s a significant jump that puts ransomware as one of the fastest-growing attack categories out there — if not the most.
The average ransomware attack currently costs a company an average of $84,000, but even a single incident can cost a company millions of dollars in some cases.
Just look to the City of New Orleans, which is facing financial costs of more than $7 million for a recent attack. Or to FedEx, which lost $400 million in direct costs and lost production time.
Ransomware isn’t a new threat, even if it’s a quickly growing one.
The malware, which encrypts a victim’s data and demands a ransom payment in exchange for decrypting the data, was first documented in 1989. There were multiple documented cases over the years since, but it rose to public prominence in a big way in 2013 when CryptoLocker collected more than $27 million in Bitcoin from victims in just a few months. Ransomware has only continued to grow since, with multiple other prominent attacks, including WannaCry, Petya, and more, hitting companies around the globe.
Many factors may have led to this rise. The growing acceptance of Bitcoin, for one, has allowed hackers to demand a ransom of their victims in an untraceable and relatively seamless way. Also, the barrier to entry has been lowered, with online marketplaces offering ransomware-as-a-service capabilities that make it easy for even entry-level bad actors to launch an attack.
Finally, the proof of concept is there: High-profile attacks over the last few years have shown organizations’ willingness to pay when their data is encrypted.
Ransomware typically enters an organization through spam or phishing attacks, similar to many other forms of malicious software. From there, it can spread laterally across an organization to infect and encrypt critical systems or data.
The question then becomes: Should an organization pay the ransom?
A company may choose to pay with the hope of getting their encrypted files back as quickly as possible, especially if it’s a mission-critical system — like a medical records system at a hospital or the production line at a manufacturing plant.
The reality is that simply paying the ransom won’t guarantee the data or systems will be fully restored and essentially tells hackers that this type of attack continues to work.
While this might seem like the type of attack that would target large, cash-rich businesses that can afford large payouts, that’s not the case.
The vast majority of ransomware attacks — upwards of 70% according to some estimates — hit small businesses, who often have smaller security budgets and may not have as strong protections in place.
The reality is that ransomware affects every type of business of every size and in any industry.