As the state of ransomware attacks shift from simple data encryption scams to attacks intent on bringing an organization’s network to its’ knees, the cost of remediation is expected to rise.
If there’s ever a time to pay attention to ransomware, it’s now. We’re watching this attack method evolve before our very eyes, changing into hybrid-attacks that leverage techniques normally found when data breaches, espionage, lateral movement, and island hopping are involved.
Give the shifts in attack methods, the increases in sophistication, and the rise in ransom amounts, Cybersecurity Ventures now predicts ransomware to globally costs over $20 Billion by next year. Part of this is due to an increase in the frequency of attacks, which Cybersecurity Ventures believe will occur every 11 seconds by 2021. Given their track record of historically being rather conservative with their predictions, the very large $20 Billion number should put some fear into organizations that aren’t ready for such attacks.
Some of the assumed increases revolve around the fact that ransomware damages aren’t limited to ransom payouts. Organizations have needed to replace infrastructure; perform system-wide recoveries; involve legal, PR, and investors; and work to restore the faith of their customers after an attack.
Other notable statistics and observations on the current state of ransomware include:
- 55% of small businesses pay hackers the ransom
- Ransomware costs are predicted to be 57x more over a span of 6 years by 2021
- New ransomware strains destroy backups, steal credentials, publicly expose victims, leak stolen data, and some even threaten the victim's customers
Ransomware is quickly becoming the attack you don’t want to experience.
Organizations serious about stopping ransomware need to look at the weakest points in their security strategy and find those weaknesses that are facilitating successful infections. One common weak spot is that of the user; without proper Security Awareness Training, these users fall for phishing emails that use even the simplest of social engineering tactics. It’s important to include plans to shore up user security to make certain they aren’t the reason ransomware gets a hold of your network.