America was the victim of 34 percent of global ransomware infections in 2016, while only being 4.4 percent of the world’s population.
The “why” is clear; a whopping 64 percent of Americans are willing to pay to get their files back, as opposed to only 34 percent of victims worldwide, per Symantec’s 2017 Internet Security Threat Report.
Surprisingly, Symantec’s results show paying ransom doesn’t guarantee universal results as just 47 percent of global victims who paid up in 2016 reported getting their files back, which is in direct contradiction with our own experience, where we helped dozens of victims with a 95% successful return of all their files.
Note, these were organizations at their wit’s end who found us on the internet and needed help to get their files back after an employee opened an infected attachment, not existing KnowBe4 customers calling us about our Ransomware Guarantee.
Newly discovered ransomware families jumped last year from 30 in 2015 to 101 in 2016. The number of new variants of existing ransomware code, however, dipped. “It suggests that more attackers are opting to start with a clean slate by creating a new family of ransomware rather than tweaking existing families by creating new variants,” the report said.
Infections of consumers at the house counted for 69 percent, but Symantec found that that some attackers are executing more sophisticated attacks against businesses, where they silently penetrate the network, move laterally and then encrypt all machines at the same time.
The ransoms themselves also skyrocketed, climbing 266 percent last year, from an average of 294 dollars in 2015 to 1,077 dollars in 2016 helped by a Bitcoin price which is over 1,300 dollars at the time of this writing. The report also showed that attackers have begun customizing individual ransom demands based on the type of data and the volume of files that were encrypted.
Symantec Report Confirmed by Verizon, SANS and NTT
Verizon’s vendor-neutral 2017 Data Breach Investigations Report (in which KnowBe4 participated as a data source) found that ransomware levels in 2016 were up 50 percent over 2015 figures. Verizon also found that the types of attacks targeting organizations vary from sector to sector. For instance, manufacturing has the lowest median level DDoS level, but the highest level of espionage-related breaches.
The SANS 2016 Threat Landscape survey reported: “Phishing and spearphishing were among the top ways threats enter organizations, which setup a perfect storm for ransomware to blossom. 75% of threats entered via email attachment, 46% malicious link. User education alone is not sufficient. At a corporate level, perimeter protections, including email screening and ext-gen firewalls can reduce the volume of malware that can trip up an end user. From there, the endpoint needs every advantage to remain secure – behavior based malware detection, whitelisting, access control and appropriate network segmentation.”
The growing threat was further confirmed by more research from NTTSecurity: 2017 Global Threat Intelligence Report which found that 22 percent of all global incident engagements were related to ransomware, more than any other category of attack.
Of the ransomware attacks observed via NTTSecurity’s intelligence network, 77 percent were concentrated among four industries – business and professional services (28 percent), government (19 percent), health care (15 percent), and retail (15 percent).
Half of all incidents affecting health care organizations involved ransomware. “This may indicate that attackers have identified health care institutions as a vulnerable target more willing to pay ransom than other sectors,” their report noted.
[contentblock id=74 img=gcb.png]