Over the past year, the BakerHostetler Incident Response team has closely monitored data breach trends, and we are confident in concluding that 2016 was the year of ransomware. Nothing has had a greater impact or has been as widespread in 2016 than ransomware.
From a hospital in California to a police department in Massachusetts, ransomware has been a plague for organizations large and small. And yet, despite being around for years, 2016 was the year ransomware became an epidemic. Security firm Kaspersky Labs estimates that in the third quarter of 2016, a ransomware infection was occurring every 30 seconds, and a November 2016 study by SentinelOne found that half of all companies surveyed reported a ransomware attack in the past 12 months. With the FBI announcing that ransomware was on track to be a billion-dollar criminal enterprise, it’s no secret that money has been fueling this outbreak.
If you haven’t experienced a ransomware infection, don’t worry, you will. And while the impact of ransomware on your organization could be catastrophic, with advance preparation, it doesn’t have to be. The key is solid employee training, proper network segmentation and backups that are complete, up-to-date and regularly tested. Organizations that have prepared for an infection may find that ransomware is little more than a nuisance, much the way computer viruses and worms were back in the ’90s and early 2000s.
But don’t expect this threat to go quietly (or anytime soon). Ransomware has been surprisingly resilient. The phishing emails that propagate ransomware have become more sophisticated with some variants that have been known to target backup systems. Two trends that we expect to continue into 2017 include the use of full disk encryption by ransomware to deny access to the entire system and the use of ransomware as a method of monetizing hacking activities.
First, ransomware that utilizes full disk encryption denies access to both the files and the computer system it infects. This becomes an added pressure point because the infection impacts other aspects of the organization. For example, the San Francisco Transportation Authority experienced this type of ransomware firsthand when ransomware infected its ticketing system in November.
The second trend we expect to see in 2017 is the use of ransomware to monetize hacking activities. Some organizations do not take information security as seriously as they should, either because of a lack of resources or because they do not see themselves as a target due to the lack of valuable data, e.g., credit card information or financial data. These organizations might have experienced a breach in the past but might not have been aware because the attack did not affect their systems or operations. Ransomware provides an easy way for attackers to profit from their hacking activities. Small to medium-size businesses that are not prepared will be hurt the most by this trend.