If I was to ask you what you think a mid-sized company’s loss from a ransomware attack would look like - what would you say? Most people grossly underestimate the cost. For context, let’s look at what happened just a few days ago with Cognizant - they’re estimating it’ll cost them between 50 and 70 million dollars to recover. That is definitely going to hammer their second quarter earnings.
Despite what we’d like to believe, ransomware and the costs associated with recovery are not uncommon and they are not insignificant. Norsk Hydro was hit just as hard in 2019, when a ransomware attack caused close to $70 million in lost revenue. And that’s just the losses. That doesn’t include the actual ransom payments.
In 2020, it is estimated that nearly $1.4 billion will be spent on ransomware costs in the U.S. alone. Global estimates vary greatly but some point to a possible $170 billion total price tag this year.
It is no surprise that ransomware has become a not-so-hidden, and clearly not silent, threat to the security of our data. Gone are the days when cybercriminals would focus their attention on large institutions with massive banks of private data, money reserves, and the ability to liquidate quickly.
Today, while some industries get hit harder than others, all industries are fair game, and ransomware assaults show no signs of slowing down. The price to get your own data from attackers’ hands is on the rise, and so is the threat to release that information to the public. And what we thought would happen in 2020 seems to be becoming a reality.
Here are 5 trends that were projected and are now a reality:
1. Government is getting hit, showing a 20% increase over 2019.
Government organizations make up the bulk of ransomware attacks, coming in at 15.4%, with healthcare coming in at 5.7%. That number could skyrocket during 2020, as COVID-19 tops the news and many people in these industries are working from home for the first time, increasing their attack surface and risk. According to the numbers for 2019, government organizations typically pay 10 times more for ransomware payments than any other sector. Given how 2020 is going, that’s not likely to change.
Attackers would look to take control of hospital data, government funding for COVID-19 patients, and even equipment itself. Approximately $30 billion was given to healthcare providers from the Coronavirus Aid, Relief, and Economic Security Act. That could be a huge paycheck for a hacker, even if just a small piece of that pie was up for the taking.
2. Cybercriminals continue to be opportunists
Attackers would use the Coronavirus to launch a COVID-19 campaign that pushed out 907,000 spam messages in the first quarter of 2020 alone. According to a public report, the email spam, ransomware, malware, and other tactics, would override part of the system and make rebooting impossible. Text on the screen directs the victim to communicate with the attacker to get their system back. This new approach moves away from hackers simply asking for money.
Cognizant learned how opportunistic attackers are firsthand. Instead of focusing on impacting customer systems, reports indicate that the attack in April focused on the systems set up for those working from home during the COVID-19 pandemic. Staff had to move rapidly to shut down the impacted systems, and to be safe, take down some customer-facing systems temporarily. The attack resulted not only in financial losses but in increased fears of stolen data and potential lost credibility with customers.
3. The United States will likely lose its status as the top target to attack
Between second quarter 2018 and second quarter 2019, the U.S. accounted for 53% of attacks. Canada and the U.K. followed. The U.S. has some of the best security in place yet still has more than 50% of its businesses being successfully attacked. In 2020, cybercriminals will continue to look to foreign countries to ramp up their attacks, going after regions with less security in place and, in some cases, less money to spend on protecting data. Saudi Arabia, China and Turkey are just 3 of the countries seeing ransomware attacks increase.
4. Old ransomware is still relevant
Several older forms of ransomware are still popular, including Sodinokibi and Ryuk. Sodinokibi currently accounts for nearly 30% of the market share, with Ryuk coming in right behind it at close to 20%. RDP and email phishing rank as the top 2 most common attack vectors. Phobos rounds out the third spot. With Ryuk targeting large businesses, it earned the largest average payments - $1.4 million. Sodinokibi would snag more than $327,000 and Phobos, more than $15,000.
Easy money is there for the taking. And the costs of individual payments continue to climb.
5. Ransoms are rising
Since the last quarter of 2019, average payments jumped 33% in the first quarter of 2020 – to a whopping $111,605! Maybe for some large agencies and companies that is a drop in the bucket or even the cost of doing business in a global market, but for a local government, law firm or other small business, any ransomware payment could be catastrophic – financially and professionally. One single payment could deplete an account and cause the organization to lose all credibility with its customers and the public. For some, it could be game over.
The reality is no one is safe.
For the remainder of 2020, safetydetectives.com tech experts hypothesize that IoT devices, social media, and utility infrastructure will probably become the next top targets. According to a recent survey of MSPs, IoT will be a more interesting attack vector to cybercriminals, along with using malicious links to target unsuspecting users on social media. There, users will likely openly share malicious links with their entire network.
Here are 3 things you can do to defend against ransomware:
1. Prepare for the inevitable
“I’d rather have it and not need it; than need it, and not have it.” Smart line from a decent sci-fi movie but all too true, regardless of the situation.
Now is the time to make sure you have top of the line software protections, test your systems, backup your data regularly, and establish “set in stone” protocols for staff. Prepare for ransomware before it happens, and that means training, mock drills, and planning.
2. Educate yourself and your team
Knowledge is power, and no one can take it from you.Do your homework. Stay on top of the latest attack methods and types and share them with staff. Training and reminders are key to preventing mistakes. You may not be the one who opens the phishing email labelled “COVID-19 Update,” but someone less careful might. And there goes your data!
3. Find a trusted expert to follow
If you don’t know how, find someone who does – now! No one knows everything and a strong leader always develops a team that speaks to the organization’s strengths and combats its weaknesses. If you don’t have the answer, find someone, or a team, who does. If you have holes in your security, now is the time to fill the gaps and increase training. If you don’t, opportunistic cybercriminals will be ready to invade your system and hold you hostage.
Ready to test your knowledge? Take our malware quiz for a chance to win an Amazon gift card!