Powered by
INTELLIGENT BRANDS // Enterprise Security
State of Malware 2017
W
hile traditional malware such
as banking Trojans,spyware,
and keyloggers require the
cybercriminal to oversee multiple steps
before revenue is delivered to their
bank account, ransomware makes it a
seamless, automated process. Between
January 2016 and November 2016, we
found that incidents of ransomware
had almost doubled and, in the fourth
quarter of 2016 alone, we catalogued
nearly 400 variants of ransomware, the
majority of which were created simply
by a new criminal group trying to get a
piece of the pie.
What’s more, a survey we conducted
with Osterman Research in August
2016 found that nearly 40% of
organisations had been impacted by
a ransomware attack within the last
year. Among those ransomware victims,
more than a third lost revenue and
www.intelligentcio.com
20% had to cease operations.
Despite advice to the contrary, 40% of
organisations paid the ransom, which
can prove to be an expensive mistake.
Almost 60% of all ransomware attacks
in the enterprise demanded over
$1,000, more than 20% of attacks
asked for more than $10,000, and 1%
even asked for over $150,000.
It’s a gift that keeps on
giving
A year or so ago ransomware was
a concern, but we could take some
comfort in the fact that the
development and deployment of the
various families was only an option for
technically experienced
cybercriminals. But we’ve now moved
on. Ransomware-as-a-Service (RaaS)
provides wannabe cybercriminals with
the tools they need to execute an
attack of their own. And it’s terrifyingly
easy to execute. A ransomware
developer advertises their ransomware
product on an underground black
market forum, money is exchanged
(usually Bitcoin) and the wannabe
cybercriminal has their very own
ransomware, customised for their needs.
What’s more, propagators have moved
beyond the traditional malware targets
of individual PCs and have begun to
go after perhaps less obvious targets.
Recently, a hotel in Austria revealed it
had been the victim of a ransomware
attack that impacted the key card
system and meant guests were unable
to enter their rooms. Another recent
surprising target was a subway system
in San Francisco. In this example,
passengers were given a ride free on
the SF Muni subway after extortionists
demanded $73,000 when a hard-drive
was infected with ransomware.
INTELLIGENTCIO
59