In the past, we saw malware outbreaks such as LoveBug, SQL Slammer, and DOWNAD, but haven’t seen such an epidemic for almost a decade now. Malware outbreaks were supposed to be a thing of the past. However, 2016 became an unprecedented year in the modern era of cyber security, with the game changer in the name of ransomware.
Ransomware is a very different type of cyber threat in the modern era, in the sense that cybercriminals let you know that you have been hit by an attacker. This is a stark difference from the modern threats such as targeted attacks, which employs tactics of invisibility for the sake of stealing information such as trade secrets, PIIs and so on.
Up to a couple of years ago, ransomware was becoming a major threat especially for consumers. However, due to the nature of the crime demanding ransom in exchange for ways to decrypt encrypted data, it was only a matter of time cybercriminals started using the same threats to target businesses. It was no surprise cybercriminals started targeting businesses because of the nature of data they are dealing with on a daily basis. (Financial sheets, sales reports, customer data, without the data, business operations will be severely affected).
In 2016, Trend Micro received more than 2,000 ransomware cases from enterprise organisations in Japan, in desperate need for data recovery *¹. The volume of which ransomware cases were filed is 3.5 times more than the previous year. We saw the number of new ransomware families grow from 29 to 247, 752% increase in 2016, indicating that the threat became such a gold mine for cybercriminals*². These stats just show how serious the issue of ransomware was in 2016.
One of the key factors in the ransomware epidemic in the enterprise is the fact that affected entities ended up paying a huge sum of ransom in order to get business back to normal. According to our survey, staggering 62.6% of respondents who were hit by ransomware infection ended up paying ransom in exchange for a key to decrypt their data*³. Also, among those who paid ransom, 57.9% paid over 3 million Japanese Yen (approximately 28,000US dollars) to recover their files*³. It goes to show that the extortion tactic is much more profitable targeting businesses than consumers for cybercriminals.
The other factor is the availability of Ransomware-as-a-Serivce (RaaS), which made it easier for newbie or less-technical cybercriminals to adopt the criminal tool to fool the victim. RaaS is available in the cyber underground market, which provides the necessary platform for cybercriminals to carry out their own extortion campaigns.
*1: The number of ransomware cases filed to Trend Micro by enterprise customers in 2016
*2: 2016 Annual Security Roundup
*3: Enterprise ransomware survey, Trend Micro