Use of Ransomware Skyrockets

Thursday, March 2, 2017 @ 05:03 PM gHale

Ransomware and Business Email Compromise (BEC) scams continue their upward spiral as bad guys continue to extort enterprises, a new report found.

Just looking at last year, there was a 752 percent increase in new ransomware families ultimately resulting in $1 billion in losses for enterprises worldwide, according to a report from Trend Micro.


Trend Micro and the Zero Day Initiative (ZDI) discovered 765 vulnerabilities in 2016.

Of these, 678 came to ZDI through its bug bounty program, after which ZDI verifies each issue and discloses it to the affected vendor.

Compared to vulnerabilities discovered by Trend Micro and ZDI in 2015, Apple saw a 145 percent increase in vulnerabilities, while Microsoft bugs decreased by 47 percent.

The use of new vulnerabilities in exploit kits dropped by 71 percent, which is partially due to the arrest in June last year of the people believed to be behind the Angler EK.

Although organizations are advised not to pay the ransom and to focus on creating backups, this is easier said than done, the report said. Many of 2016’s new ransomware families were designed to target specific file types critical to businesses. These include tax return files, server files, virtual desktop images and the like. Database files used to manage pertinent business information have also become targets.

Affected enterprises also had to withstand significant system downtime and corporate data loss. Despite not having any guarantee of getting their data back, organizations still opted to give in to cybercriminal demands, the report said.

In November, the San Francisco Municipal Transportation Agency was asked to pay 100 bitcoins (approximately $70,000) after a ransomware attack locked its computers. VESK, a provider of hosted virtual desktops, paid approximately $23,000 to get the decryption keys that would restore all of its services. The New Jersey Spine Center paid an undisclosed amount after attackers encrypted electronic medical records, disabled its phone system, and even locked staff members out of their backup files, the report said.

In 2016, the Trend Micro Smart Protection Network blocked more than 81 billion threats for the entire year, which is a 56 percent increase from 2015. In the second half of 2016, more than 3,000 attacks per second were blocked for customers. During this time, 75 billion of the blocked attempts were email based, showing email remains the top entry point for threats.
