Ransomware Sees Resurgence in 2018

Photo courtesy of Comodo Antivirus

According to SonicWall’s mid-year 2018 cyber-threat report, ransomware attacks have increased 229 percent over 2017. Despite increased cybersecurity efforts implemented by businesses, ransomware isn’t going away, and the numbers are alarming. By 2019, global losses from ransomware attacks are expected to hit $11.5 billion.

2018 Ransomware by the Numbers

• 92% - The percent of organizations that have reported seeing malware/ransomware attachments via email over the last 12 months. In addition, 52 percent of these organizations have seen an increase in the volume of attacks over the last year.
• 88% - In Q3 alone, ransomware attacks have increased by 88 percent. This increase is mostly due to the evolving GandCrab ransomware variant that was discovered in January. GandCrab functions like a Ransomware-as-a-Service (RaaS) and has gained popularity by demanding payments in Dash, a privacy-focused cryptocurrency.
• 56% - Just under six in 10 individuals believe their organization has the ability to restore all important files or systems from backups if they were infected by ransomware.
• 27% - The percent of organizations who have seen their business operations affected by a ransomware attack through the last 12 months. However, this problem is increased depending on geographic location. 35% of US organizations and 32% of Australian organizations have reported being affected. The UK faired the best with only 19% of organizations reporting being affected by ransomware.
• 20% & 26% - Only 20% of organizations are confident their employees can spot and defend against ransomware through email attachments. Furthermore, only 26% of organizations are completely confident their cybersecurity defenses can do the same. Safe to say, organizations are not confident in their ability to defend against ransomware attacks.
• 3 – The average number of days an organization’s systems are down after incurring a ransomware attack. How much money and would your organization lose if your systems were down for THREE days?

The Average Cost of a Ransomware Attack

In January 2018 Sophos, a U.K.-based cybersecurity firm, published a study encompassing the cost of a ransomware attack. The study surveyed more than 2,700 IT decision-makers from mid-sized businesses in 10 countries worldwide. The survey found that 54 percent of organizations were hit by a ransomware attack in 2017. Of those hit, 31 percent believe they will be infected by a ransomware attack again in the next 12 months. Alarmingly, once a business has been hit with a ransomware attack once, they become bigger targets for future attacks as hackers see the company as vulnerable. In fact, over half of those who have been hit with one ransomware attack have incurred a second infection.

“Ransomware is not a lightning strike – it can happen again and again to the same organization. We’re aware of cybercriminals unleashing four different ransomware families in half-hour increments to ensure at least one evades security and completes the attack,” said Dan Schiappa, senior vice president and general manager of products at Sophos.

Let’s go back to the ransomware numbers. $133,000 – the average cost of a ransomware attack. This figure extends beyond any ransom demanded and includes downtime, workforce and device costs, and lost opportunities. Of the 2,700 included in the survey, 135 of those reported a $1.3 million to $6.6 million cost from their ransomware attack.

Despite ransomware grabbing international headlines over the last couple of years, businesses still have inadequate protection against ransomware attacks. Given the frequency and financial impact of these attacks, all businesses need to reevaluate their cybersecurity measures to combat ransomware and all other cyber threats that could cost your business, its business.