In 2017, on average only two organizations per month were being targeted with a ransomware attack. Over the past two years, that number has multiplied more than 25 times to over 50 organizations being targeted per month in today’s environment. Symantec stated in its report that “Ransomware continues to be one of the most dangerous cybercrime threats facing any organization,” adding that “while ransomware remains highly prevalent, the nature of the threat has changed markedly over the past two years and enterprises are increasingly being targeted by ransomware groups.” Brouse McDowell has been on the front lines protecting clients from these attacks, as well as assisting clients who have unfortunately been targeted themselves. Not only have the number of attacks increased, but the requested monetary ransom demands have also gone up exponentially.
According to the report, the United States has the most targeted ransomware attacks of any country in the world, with a reported 900 organizations affected, between January 2017 and May 2019. This is nine times higher than Turkey, the next highest country on the list, which had approximately 100 organizations affected by targeted ransomware attacks during that same time period. Symantec attributes the discrepancy in numbers to the fact that SamSam, a highly effective ransomware program strain, which uses a custom infection specific to each targeted organization, and which is often deployed using a wide range of tactics, has been used exclusively on organizations located in the United States. It is estimated that the reported number of attacks is actually much lower than the actual number of attacks that occur and go unreported around the world.
According to Symantec, several organized hacking groups have begun conducting targeted ransomware attacks using the SamSam program strain. The report explains, “Although targeted ransomware attacks account for a small percentage of overall ransomware attacks, they present a far greater risk,” in that “a successful targeted ransomware attack could cripple an ill-prepared organization.” Brouse McDowell Partner Craig Horbus will present on this exact topic at an upcoming interactive incident response simulation to help clients understand the impact such attacks could have on an organization.