Cisco has released its 2016 Midyear Cybersecurity Report, and the findings point to future, more sophisticated types of ransomware that will take full advantage of systems with less-than-satisfactory security measures, patching practices, and detection rates.
According to the report, ransomware has become the most profitable malware type in history. Since most ransomware is extremely difficult to decrypt, the majority of victims are forced to pay (in untraceable Bitcoins) to regain access to their data. At an average of $300 an incident, hackers are cleaning up.
Ransomware is commonly transmitted through email and malvertising (malicious advertising), infecting a system after a user “invites” it in. Cisco notes, however, that more advanced ransomware is now coming into play that can infect systems and encrypt files without any user interaction. Basically, it sneaks its way into networks through vulnerabilities and systems with outdated security patches.
Earlier this year, a different type of ransomware known as SamSam hit MedStar, a non-profit that manages hospitals in Baltimore and Washington. The asking price to decrypt was 45 Bitcoins (approx. $18.5K). Luckily, MedStar was prepared. Thanks to early detection and up-to-date system backups, MedStar was able to avoid paying the ransom. This is a prime example of the critical importance of adhering to IT and security best practices, having a disaster recovery/incident response plan in place, and investing in tools that can, essentially, save your business from disaster.
“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up their critical data and confirming that those backups will not be susceptible to compromise.” – Cisco
It’s also important to remember that you’re dealing with criminals during a ransomware event, so you cannot necessarily rely on them to provide the decryption key once the ransom is paid, leave your files intact, or simply not repeat the encryption attack at a later date.
Aside from paying the ransom to the baddies, ransomware and cyber breach events have many other associated costs, including loss of brand reputation, third-party IT forensic investigations, legal fees/penalties/fines, business interruption, recovery costs, and notification fees. You should certainly consider purchasing a Cyber Liability insurance policy to mitigate your cyber risks and these costs if a breach were to occur. If you already have a policy, make sure you understand what is covered and what isn’t. Contact us if you have questions on how to protect your company from ransomware or need help securing/reviewing your cyber insurance coverage.