The Rising Face of Cybercrime: Ransomware

Tags:

The Rising Face of Cybercrime: Ransomware
Written by Noah Simon
Product Marketing Manager

Ransomware has been all the talk lately in the security industry- and deservedly so. These attacks have surged in the last year: hospitals, banks, and local police departments have all been infected with ransomware. Organizations have been paralyzed for days and weeks as a result of ransomware infections. In March, a MedStar Health clinic in Baltimore reportedly turned away patients and had trouble accessing electronic medical records. In a separate incident, the University of Calgary paid a $20,000 ransom earlier this year after malware encrypted the university's email servers. In addition to a financial loss for organizations that decide to pay ransoms, these attacks have the potential to cause severe operational disruptions for companies.

Thus far, criminals have cast a wide net, often distributing a malicious attachment to millions of email addresses in hopes of successfully infecting machines. These attacks have largely been opportunistic, often infecting organizations that have poor security hygiene. Many experts believe ransomware will only become more targeted, and more damaging as time goes on.

Security Performance Over time

In our latest Bitsight Insights report The Rising Face of Cyber Crime: Ransomware, Bitsight researchers set out to understand the spread of ransomware and which industries see the most infections. To put ransomware into greater context, we first observed the security performance of key industries of the last year.

Screen_Shot_2016-09-20_at_10.10.26_AM.png

 

Financial Services companies continue to exhibit excellent security performance, while the Education sector continues to struggle. Although some industries improved their security performance over the last year, data breaches were widespread in all industries, as were ransomware attacks.

Popular strains of ransomware

In this report, we observed the frequency of ransomware infections by looking at five well-known strains of the malware. Three of these variants are especially worth noting. Nymaim, a trojan that can be used to install a variety of malware, is typically associated with ransomware. Infections of Nymaim were high across all industries, with more than 11% of Education exhibiting infections. Locky, a strain of Ransomware discovered earlier this year, has already penetrated many Education, Government, and Retail organizations. Lastly, Matsnu, another type of Trojan malware that can remotely download and execute files, was relatively common across all industries.

ransomware-breakdown_small.png

what does it mean for businesses?

While ransomware is just one of many cyber threats affecting companies around the world, it is important that organizations take steps to mitigate the risk of being infected. Download our report to learn which steps are vital to reducing this threat.