A new report by Trustwave shows some stunning numbers. You would almost come to the conclusion you are in the wrong business. They looked at how much of an investment a cybercriminal spends and what their profits are.
Trustwave did some math and calculated it would cost $5,900 to buy a kit that may very well return up to 90 grand in just one month. Ransomware is a sophisticated new way to extort money out of individuals and organizations; it infects the machine and encrypts all files until about $300-500 in Bitcoin has been paid. At that point the files are decrypted, and the user gets access to their data back.
A recent report from McAfee Labs showed that crypto-ransom infections nearly doubled in the first three months of 2015.
Incredible Money Being Made
"I was frankly stunned by the figures we got from this," said Karl Sigler, a threat intelligence specialist at Trustwave. He said they got this data from information on the Darknet and discussion on criminal forums. On average, a criminal needs three separate tools for an attack: the ransomware code itself, an Exploit Kit (EK) and millions of possible victims.
There is a well-developed criminal underground economy which has its own supply chain that delivers all these elements online. Trustwave identified forums in Eastern Europe, Asia and Latin America providing all three elements.
In short, an investment of $5,900 gives you the malicious ransom code, an EK that functions as a management portal for an attack, and a ready source of victims from a compromised site. The math goes something like this: If a ransomware attack infects 10% of the 20,000 visitors to a compromised website each day and only 0.5% of those victims pay the $300 ransom being demanded, then one campaign could net a criminal about $90,000 a month, Sigler said. "The money is there and the economy is there," he said. "If you lack the morals and ethics it can be easy to get into."
Should You Pay The Ransom?
Only as a last resort! Don't pay them unless you have no other choice. How do you prevent ransomware getting into your networks?
- Have backups at the ready, and test your restore function frequently.
- Update your workstations with the latest patches religiously.
- Run very good endpoint security software.
- Step your end-users through effective security awareness training.
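The first item on that list, backups you have actually tested, is the one that decides whether you are in a position to refuse the ransom. The script below is an added example (not code from Trustwave, KnowBe4 or the original post) of what a restore drill should check: it records a SHA-256 manifest at backup time, restores the archive into a scratch directory, and compares every restored file against the manifest, so a backup that is incomplete or whose contents no longer match is caught before you need it. The sample files, directory names and archive name are constructed for the demonstration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    return {
        str(path.relative_to(root)): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def create_backup(source: Path, archive: Path) -> dict:
    """Write a tar.gz of source and return the manifest taken at backup time.

    The manifest, not the live source tree, is the reference for later drills:
    if ransomware later encrypts the source, the manifest still describes the
    good state the backup is supposed to reproduce.
    """
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def verify_restore(manifest: dict, restore_dir: Path) -> list:
    """Compare a restored tree against the manifest; an empty list means it is good."""
    restored = build_manifest(restore_dir)
    problems = []
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    for rel in restored:
        if rel not in manifest:
            problems.append(f"unexpected file: {rel}")
    return problems


def restore_and_verify(archive: Path, manifest: dict, restore_dir: Path) -> list:
    """Extract the archive into restore_dir and verify it against the manifest."""
    with tarfile.open(archive, "r:gz") as tar:
        # Use the safer extraction filter where this Python version provides it.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(restore_dir, **kwargs)
    return verify_restore(manifest, restore_dir)


def run_restore_drill() -> dict:
    """End-to-end drill on constructed sample data: back up, restore, verify,
    then verify again after one restored file has been overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        source = work / "data"
        (source / "finance").mkdir(parents=True)
        # Constructed sample files standing in for real business data.
        (source / "finance" / "q1.csv").write_text("invoice,amount\n1001,250.00\n")
        (source / "notes.txt").write_text("restore drill sample\n")

        archive = work / "backup.tar.gz"
        manifest = create_backup(source, archive)

        restore_dir = work / "restore"
        restore_dir.mkdir()
        clean = restore_and_verify(archive, manifest, restore_dir)

        # Simulate the failure the drill exists to catch: a restored file whose
        # content no longer matches what was backed up.
        (restore_dir / "notes.txt").write_text("ENCRYPTED\n")
        tampered = verify_restore(manifest, restore_dir)

    return {"files": len(manifest), "clean": clean, "tampered": tampered}


if __name__ == "__main__":
    result = run_restore_drill()
    print(f"backed up {result['files']} files")
    print("clean restore problems:", result["clean"])
    print("tampered restore problems:", result["tampered"])
```

Run the drill on a schedule against a copy of a real backup set, keep the manifest somewhere the backup host cannot overwrite, and treat any non-empty problem list as a failed backup rather than a warning; a backup you cannot restore and verify is exactly the situation that leaves paying the ransom as the only option.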
The interesting thing is that there are competing ransomware gangs out there, and they are making sure that their customer service is excellent. Almost all of them "give you your files back" in the form of a decryption executable after you pay the ransom. You run the decryption and your files become available again. Some gangs even run support forums to help you recover your files.
If you are not a KnowBe4 customer yet, stepping all employees through new school security awareness training is a very good idea. Find out how affordable this is for your organization. Ask for a quote here and you will be pleasantly surprised.