Ransomware attacks are profitable and prolific, and the business is booming. A study of cyber threats by Trend Micro found that the ransomware industry was worth €949 million last year, while the number of new ransomware families grew by 752%.
In most cases (79%), ransomware was spread via spam, with victims clicking on malicious links or opening attachments that contained malware. Successful attacks continue to pay off, with Krebs on Security claiming that the average ransom payment following an attack is $722 (€680).
The growth of ransomware attacks coincides with the rise of ransomware as a service (RaaS), in which criminals without any technical skill can simply purchase the malware needed to commit an attack.
SMEs and local governments most targeted
The Trend Micro report found that small and medium-sized enterprises (SMEs) are the most targeted by ransomware attacks, claiming that this is because such organisations don’t have the money and staff to mitigate the threats.
IT resources tend to be less robust in smaller organisations anyway, but smaller organisations may also be tempted to think that they are not on criminals’ radars or that they don’t have any information worth ransoming. However, as Mark Weatherford, senior vice president for vArmour, notes:
“These [may be] sophisticated attacks, but they’re going for quantity over quality. They can make a lot of money, and the risk to them is very low.”
“I think that ransomware is a growing problem for everybody,” Weatherford said. “These crimes don’t know any bounds with respect to victims, and the pickings are easy with local governments.”
Raise awareness of attacks
The prominence of ransomware is largely due to how easy and cheap it is for criminals to obtain and send malware. Because of this, ransomware now dominates phishing scams. According to a recent study, 97% of phishing emails delivered ransomware.
With staff receiving dozens of emails every day, malicious emails can easily pass by unnoticed until it’s too late. Ransomware can sit in an infected computer for days or weeks before the attack is instigated.
Understanding whether or not an email is fraudulent is not as complicated as it may seem. The first line of defence is education, as the more that people know about cyber security threats, the less likely they are to fall victim to them.