KnowBe4 Security Awareness Training Blog

Why Ransomware Continues to Be an Immensely Profitable Business for Bad Actors

Written by Stu Sjouwerman | Apr 23, 2019 11:25:48 AM

Ransomware, arguably the most efficient malware used by cybercrooks in recent years, continues to wreak havoc on a global scale, affecting everyone and everything, from regular Internet users to enterprises to critical infrastructures. So why do hackers still win?

Ransomware operators have learned in recent years that attacks tightly targeting large corporations and national infrastructures yield much more profit than the en masse attacks on random endpoints. At the same time, many of these large infrastructures still rely on unpatched, or even unpatchable, legacy systems that are highly vulnerable to cyber-attacks.

When victims are left without a choice

In the last couple of years, ransomware families like WannaCry, NotPetya, GandCrab, Ryuk, SamSam and, more recently, LockerGoga, have inflicted tens of billions of dollars of damage worldwide, crippling businesses and critical infrastructures alike.

A recent example is the attack on a county in Utah, where officials resorted to paying ransom in Bitcoin to regain access to their systems and data. The type of ransomware used in the attack is unknown, and it is believed the operators encrypted not just the county’s live data but also the backups, leaving officials no choice but to pay and hope to get back what was theirs. In this instance, the attackers stuck to their end of the deal, so Garfield County was lucky. However, paying the ransom doesn’t always yield the decryption keys from the attacker, because:

  • the attack was only meant to disrupt (state-sponsored)
  • the command & control server is under investigation by law enforcement or the attacker is in prison
  • the communication channel between the victim and the attacker becomes severed
  • the crypto-wallet address in the ransom note is incorrect
  • coding errors in the encryption routine irreversibly corrupt the encrypted file

…and the list could go on.

By targeting healthcare facilities – another emerging trend in recent years – attackers again press management and IT administrators hard to consider paying ransom. The reason is simple: freezing a medical center’s operations puts lives at risk, and patient health history could be lost forever. The most recent example comes from the United States, in Battle Creek, Michigan, where a doctor’s office closed shop after a ransomware incident. A concerned mother was left scrambling for options to ensure her daughter got the necessary treatment when it was discovered she required a follow-up intervention after a post-surgery infection. While this medical practice chose not to pay the ransom (for reasons still not entirely clear), many others have, to avoid further damage and maybe even bankruptcy.

Ransomware Hostage Rescue Manual

Get the most informative and complete hostage rescue manual on Ransomware. This 20-page manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with malware like this. You also get a Ransomware Attack Response Checklist and Prevention Checklist. You will learn more about:

  1. What is Ransomware?
  2. Am I Infected?
  3. I’m Infected, Now What?
  4. Protecting Yourself in the Future
  5. Resources

Don’t be taken hostage by ransomware. Download your rescue manual now! 

Or cut and paste this link into your browser: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0