The annual Black Hat security conference always produces a wealth of interesting papers, presentations, talks, live demos, and security news. This year's Black Hat USA 2016 event, which we are currently attending, has been no exception. Among the more eye-opening presentations so far was a multi-country study sponsored by our friends at Malwarebytes on the "state of ransomware."
As you might have suspected, the numbers are pretty bad and largely confirm the results of our own study, which revealed that ransomware infections have doubled in the last two years.
Fully 40 percent of businesses and organizations participating in the survey reported experiencing ransomware attacks in the past year. More shocking, however, were the reported impact of these attacks, almost half of which were launched through malicious emails (aka, phishing or malspam). Just over one-third (34 percent) of the surveyed organizations reported financial losses as a result of ransomware attacks. Worse, 20 percent had to halt business operations completely following a ransomware attack.
The growth in ransomware attacks has been explosive recently, with malware researchers seeing a 259 percent rise in ransomware delivered via exploit kits just in the past five months. In the first quarter of 2016 alone there were at least 32 new ransomware strains discovered. That kind of growth is driven by pure greed: almost 60 percent of ransomware victims pay the ransom, which is getting ever more expensive -- 20 percent of ransom amounts now exceed $10,000 dollars.
Costly Recovery Time
The effects of successful ransomware attacks on business operations were found to be especially severe. The average time to recover and return to normal operations was nine hours. A large number of organizations (63 percent), however, reported that the process of rebooting systems, fixing vulnerabilities, and patching endpoints required more than a full business day. Healthcare and financial organizations have been particularly hard hit, with 3.5 percent of affected organizations reporting that "lives were at stake" when their core operations were impacted by ransomware attacks.
You can read more extended summaries of this disturbing report on ransomware here:
- Ransomware rises to strike almost 40 percent of enterprise companies
- More than half of UK enterprises hit by ransomware attacks
Visit Us at Black Hat!
If you're at Black Hat this year, please swing by our booth (#1566) and say hello. We'd love to talk with you. Our experts are conducting live demos and we'll be giving away a free Oculus Rift.
Defending Against Ransomware: Take the First Step
All too often ransomware attacks succeed because organizations fail to take basic steps to protect, educate, and train their employees. One of the first steps you can take to harden your organization against ransomware is to assess just how exposed it is to email-borne malware attacks. In other words, just how big of an email attack surface is your company presenting to the outside world?
The Email Exposure Check is a one-time free service that can help answer that question. We will email you back a report containing the list of exposed addresses and where we found them within 2 business days, or sooner! This shows you your phishing attack surface which the bad guys will use to try to social engineer your users into opening an attachment infected with ransomware.
Don't like to click on redirected buttons? Cut & Paste this link in your browser instead: