The results are in: 2016 was a dismal year for victims of ransomware:
- There were nearly 640 million ransomware attacks in 2016.
- In 2016, ransomware was in nearly 40% of all spam messages.
- Ransomware payments for 2016 reached $1 billion.
And now for the bad news; we’re only halfway through 2017 and things look even bleaker.
Nowadays, threats are harder to detect, automated attacks make everyone a target, and vulnerable devices are everywhere. Just when you think you’ve got everything figured out, sophisticated criminals are taking old threats and beefing them up with new technologies.
The recent Petya panic that came right on the heels of Wannacry is a reminder that when it comes to ransomware, you can never let your guard down.
Frightening Ransomware Disruptions
The havoc wreaked by Wannacry is a taste of what’s to come. Within days, over 200,000 computers were infected in at least 150 countries. When everything is taken into account, some estimate the final tally of the attack could reach $4 billion.
Ransomware is often spread by disguising itself as a legitimate update to a program you likely have on your computer, such as Word, Java, or Adobe Acrobat. Petya and Wannacry were different as worm-borne viruses. Worms have the ability to spread fast by replicating themselves and transferring to other machines. This is what enabled Wannacry and Petya to cause widespread disruption in such short windows of time.
What We Can Expect
Fortinet, a VLCM premiere technology partner, has exhaustively studied the security threat landscape. Here’s what they predict will happen in the coming year on the ransomware front:
- The proliferation of the Internet of Things (IoT) is going to cause big problems. It’s predicted there will be over 20 billion IoT devices online by 2020. But with the convenience of interconnectedness comes security issues.
- Threats will get smarter. Autonomous malware is here.
- Cloud-based computing is at risk. All of the millions of remote devices accessing the cloud open up vulnerabilities.
- Smart cities will be prime targets. Gartner estimates that by 2020, smart cities will be using 9.7 billion connected things—all ripe for a cyber attack.
- Ransomware-as-a-service (RaaS) will be big business. RaaS makes it easier for even small-time actors to get in the game.
How to Prepare
Sure the looming threat of ransomware is alarming — but by focusing on the following steps you can stomp out the threats before they gain traction:
- Set-up an incident response team. When recovering from an attack, time is of the essence, so have a plan in place. There should be defined roles and responsibilities, so employees, especially the IT team, know exactly how to react.
- Education. Training employees to recognize the most common ways cyber crooks infiltrate networks cannot be underestimated. They are your first line of defense. Stress the importance of using strong passwords, ensure employees don’t click on sketchy links and encourage a corporate culture where employees aren’t afraid to question things that don’t look right.
- Patching. The Wannacry hackers exploited a Microsoft program that had a patch available nearly two months before the incident. All businesses should stay on top of patching and make sure their software is up-to-date.
- Data backups. Ransomware is such a lucrative tactic for cyber crooks because they know how devastating it can be for an organization not to be able to access vital information. So keep important information backed up and stored offline.