The Stack Archive Feature

Ransomware: a growing global threat

Tue 3 Oct 2017

Ransomware is seen as something of a revolution in the security community. Rather than stealing and selling confidential files and information, the attackers rely on the average user’s propensity not to back up files properly, and their fear of not being able to access critical information.

It further introduces the idea of user experience into the world of hacking. By instilling a sense of panic into the compromised user, then giving clear instructions as to how to regain the data, criminals are much more likely to achieve their aims.

Thanks to the simplicity and effectiveness of this process, global ransomware is on the rise. A recent report found that in 2017, ransomware became one of the most critical cyber threats to both consumers and organisations. The study notes that 463,000 ransomware attacks were detected in 2016 – with that number only a small proportion of the number of actual attempts, many of which are cut short early.

Global spread

Hackers have ‘honed and perfected the ransomware business model’ and others are realising how lucrative it can be

These attacks take place on an enormous scale. The malware most often makes its way onto the affected user’s system via an email attachment, with thousands or even millions of bogus emails being sent out to attempt to trap people.

This means that the threat is not restricted to any one particular geography. The WannaCry incident illustrated this very clearly – it was a truly global attack, affecting systems from the UK’s National Health Service, to FedEx, to Deutsche Bahn.

[Figure: Number of Symantec detections for WannaCry, May 11 to 15. Credit: Symantec]

Now that hackers have honed and perfected the ransomware business model, many others are realising how lucrative it can be.

Forrester research has discovered that ransomware has an excellent return on investment (ROI) and takes very little cyber skill, time, and effort for those with the right motivations.

The ease with which these attacks can be carried out is clear when looking at how many unskilled criminals are being recruited. Research on the dark web has revealed ransomware-as-a-service offered for a fee, tutorials for social engineering skills, and guides for beginners.

This means that the prospect of committing ransomware attacks is increasingly infiltrating criminal communities, and as demonstrated by WannaCry and similar attacks, they are happening worldwide.

Geographical differences

While they are happening across the globe, ransomware attacks differ in the manner they are carried out and the ways in which businesses respond to them.

There is a marked difference in the incidence of ransomware attacks that take place in different countries. The U.S. was the victim of a third of the entire global count of ransomware attacks in 2016. Following the U.S., with between three and nine percent of the world’s attacks, were Japan, Canada, India, the Netherlands, Russia, Germany, Australia and the UK.

[Figure: Ransomware by country. Credit: Symantec]

These countries, with one exception, are the constituent states of the G8 – meaning that these attacks are carried out largely against developed, stable economies. This is logical – in these economies, there will be the largest technological uptake and therefore more places to attack. Businesses and consumers in these countries will also be more able to pay a ransom.

Once attacks have happened, the results also differ drastically. Research has shown that in the UK, more than a fifth of businesses that pay the ransom then go on to have their data stolen anyway, compared to a global average of 15%.

A separate survey found that one in five medium to large UK businesses do not have measures in place in the event that they become the victim of a ransomware attack, and almost half of British businesses fail to back up their company data at least once a day.

Perhaps more worryingly, given that businesses are often advised not to pay a ransom, the poll found that 33% of British companies are stockpiling currencies like Bitcoin, in case of attack. It also found that more than a third of large British firms would be willing to pay more than £50,000 to get back intellectual property or data critical to the running of their business.

In China, following the WannaCry attacks in which major institutions such as oil companies and large colleges were affected, many organisations were unable to access the required patch because they had pirated OSs. Others were vulnerable because they were using old and outdated versions of Windows, which by that point were unsupported.

The effect of ransomware

Figures show that the majority of ransomware infections occur on consumer computers. However, most attacks are indiscriminate, meaning there is no reason why it could not happen to a business. A growing trend towards more developed, targeted attacks against businesses suggests that this could become more common.

With the number of ransomware attacks on the rise, their global reach growing, their complexity increasing, an escalating propensity for attacking business systems, and idiosyncrasies in different parts of the world, the best thing for businesses to do is to remain informed, aware, and prepared.

