
Ransomware picks off broader targets with greater severity

David Geer | March 8, 2017
Reports of the encroachment of ransomware on government, law enforcement, critical infrastructure, and health and safety are already climbing.

If you thought it was bad when the FBI reported last year that ransomware was on the rise, you should read the forecasts for this year. According to SonicWall’s most recent Annual Threat Report, “ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016.”

This year, Trend Micro sees a 25-percent growth in the number of new ransomware families available for use in breaches. Reports of the encroachment of ransomware on government, law enforcement, critical infrastructure, and health and safety are already climbing.

CSO details the victims, ransomware and what has changed, what is at stake, and how to shunt ransomware attacks.

Ransomware revolution: victims unlimited

Several factors affect which entities attackers choose to target as they use ransomware more profitably. Whether an organization oversees lots of critical data or infrastructure is a factor. “Dated systems that contain vulnerabilities that the industry did not consider when the systems were developed control a great deal of critical infrastructure,” says Brandon Gunter, IT consulting senior manager at Moss Adams.

These vulnerabilities and the severity of encrypting critical infrastructure are attractive to criminal hackers. In July, Rockwell Automation reported a ransomware attack on the “manufacturing automation industry” in the form of a malicious file named “Allenbradleyupdate.zip” containing ransomware. These incidents are already occurring.

The ability to affect larger numbers of people is a factor. “Every government branch has millions of Americans’ data. The DMV has plenty of PII,” says Tyler Moffitt, senior threat research analyst at Webroot. Surround those millions of records with ransomware and the DMV will have to either recover them effectively or pay the ransom to avoid the damage to Americans. Ransomware took down more than 2,000 San Francisco Municipal Transportation Agency fare payment systems for subway trains in November, leaving passengers abandoned.

The urgency with which agencies must restore access to data and systems is a factor. “Consider a ransomware attack on a police network or 911 dispatch center. Making those civil functions inoperable could result in many criminals getting away with preventable crimes,” says Kevin Hyde, managing director at Layer8. Driven to get back online, these agencies could be tempted to pay a ransom quickly. Ransomware has been hitting police departments since 2013. Some ransomware is “so impenetrable that even FBI agents have at times advised victims to just pay up and get their data back.”

The list of organizations and systems affected by some or all of these factors is lengthy. The list includes the Department of Defense, financial institutions, large retailers, power grids, water treatment plants, government agencies, law enforcement, and street security cameras, which comprise critical infrastructure and/or house valuable data, according to our experts.

 
