It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, ransomware caused at least $5 billion in damage in 2017 by one estimate. Most prominent were WannaCry, which shut down computers at 80 organizations affiliated with Britain’s National Health Service among many other victims, and NotPetya, which crippled the computer systems of many international companies.
Ransomware’s success at locking users out of their own systems and demanding payment to restore access rests on two developments of the past decade. First, strong, readily available encryption gives ransomware authors the tools to lock up another person’s system remotely: modern families typically encrypt each file under a per-victim key that is itself encrypted to the attacker’s public key, so nothing on the victim’s machine can undo the damage without the attacker’s private key. Second, cryptocurrencies let attackers demand and receive ransom payments that are difficult to trace.
Alarmingly, 2017 also witnessed what is widely described as the first ransomware worm: ransomware that self-replicates and infects new systems without any action by the user. On the plus side (if there can be such a thing), the year’s worst attacks, WannaCry and NotPetya, spread by exploiting a known vulnerability in Microsoft’s SMBv1 file-sharing protocol that Microsoft had already patched in March 2017 (bulletin MS17-010), about two months before WannaCry appeared. Organizations that applied the patch promptly were not infected through that route. One caveat: NotPetya also spread inside networks using stolen administrator credentials, so patching alone was not a complete defense against it.
While any particular vulnerability has a short shelf-life, ransomware’s ability to turn newly disclosed vulnerabilities into profitable schemes for unprincipled attackers means this problem is not going away. Right now, one estimate puts a ransomware attack every 40 seconds. By next year, that interval is expected to shrink to 19 seconds.
Putting it Into Practice: In addition to being vigilant about email from unknown senders, make sure your company applies software patches as quickly as it can, and retires protocols like SMBv1 that its vendor has deprecated. This seemingly small administrative matter could save you millions of dollars.
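As an added example (not from the original article), the following PowerShell script checks the two things that largely decided which Windows hosts were hit in 2017: whether SMBv1 is still enabled, and how stale the host’s patch level is. The cmdlets are standard Windows ones (SmbShare and DISM modules, Windows 8/Server 2012 or later, run elevated); the 30-day threshold and the wording of the findings are this example’s own assumptions.

```powershell
# Added example, not the article's own code. Reports SMBv1 exposure and patch
# recency on the local Windows host. Run from an elevated PowerShell prompt.

[CmdletBinding()]
param(
    # Assumed threshold: flag the host when its newest installed update is older than this.
    [int]$MaxPatchAgeDays = 30
)

$findings = @()

# 1. SMBv1 on the SMB server side (Get-SmbServerConfiguration is in the SmbShare module).
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += "FAIL: SMBv1 server protocol is ENABLED. Disable it with: " +
                 "Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force"
} else {
    $findings += "OK: SMBv1 server protocol is disabled."
}

# 2. SMBv1 as an installed Windows feature (client SKUs; on Server SKUs use Get-WindowsFeature FS-SMB1).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings += "FAIL: SMB1Protocol feature is installed. Remove it with: " +
                 "Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol"
} elseif ($feature) {
    $findings += "OK: SMB1Protocol feature is not installed."
}

# 3. Patch recency: newest InstalledOn date across installed hotfixes.
#    Some entries have no recorded date, so those are filtered out first.
$newest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

if ($null -eq $newest) {
    $findings += "WARN: no installed updates with a recorded install date; check patch deployment on this host."
} else {
    $age = (New-TimeSpan -Start $newest.InstalledOn -End (Get-Date)).Days
    if ($age -gt $MaxPatchAgeDays) {
        $findings += "FAIL: newest update $($newest.HotFixID) was installed $age days ago; patch level is stale."
    } else {
        $findings += "OK: newest update $($newest.HotFixID) was installed $age days ago."
    }
}

$findings | ForEach-Object { Write-Output $_ }
```

The patch-age check is deliberately generic rather than keyed to a specific KB number: the MS17-010 fix was shipped under different KB identifiers per Windows version and has long since been superseded by cumulative updates, so on a current host the SMBv1 state is the more durable signal. Where you need per-KB confirmation, take the identifier for your OS from the Microsoft bulletin and pass it to `Get-HotFix -Id`.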