At first, it may have felt like the plot of a bad movie, but ransomware operations have quickly become an all too real threat to governments, businesses and even individuals worldwide.
What Is Ransomware?
Ransomware is designed to encrypt a victim’s entire computer file system, whether it’s on a single computer or a networked system. Ransomware trojans can potentially cause irreversible data loss.
The intent of ransomware, as the name implies, is to extract a ransom from victims to decrypt and restore their data.
The average ransomware demand usually requires victims to pay in an anonymous cryptocurrency, such as Bitcoin. This makes it nearly impossible to trace the payment to the recipient of the ransom payment.
Who Were the Ransomware Victims in 2019?
Businesses and governments have been known to pay out upwards of a million dollars to ransom their data, and the threat continues to grow. In March 2019, The Beazley Group reported that small-to-midsize businesses, which tend to spend less on ransomware detection, or information security, were an increasingly popular ransomware target.
During 2019, the United States was hit by ransomware attacks that affected nearly 1,000 government agencies, businesses, educational establishments and healthcare providers. The potential ransomware costs of these attacks: over $7.5 billion from this criminal behavior.
The impacted organizations included:
- Over 760 healthcare providers.
- 110+ state and municipal government agencies.
- Nearly 90 universities, colleges and school districts, affecting over 1,200 individual schools.
Not all losses connected to ransomware victims were financial, as system disruptions also put at risk the health and safety of millions.
- Medical records were inaccessible and in some cases, were permanently lost.
- 911 systems and services were disrupted.
- Surveillance systems were taken offline.
- Police were unable to access background check information, including criminal histories and active warrants.
- Schools were unable to access information about students’ allergies and medication requirements.
Who Was Hit the Hardest by Ransomware Operations in 2019?
According to trusted ransomware statistics, the hardest hit government ransomware victim in 2019 was the Baltimore City Government.
That city’s computer system was infected by ransomware in May 2019, and the city’s government was left crippled for more than a month, as city officials refused to knuckle under and pay the ransom demand of $76,000 in Bitcoin.
Estimates put the cost of recovering from the attack at over $18 million dollars. (Nearly one year earlier, the Atlanta city government spent more than $17 million in recovery costs from a ransomware attacker that had demanded $52,000 in Bitcoin.)
Albany County in New York state was hit by three separate cyberattacks in the span of three weeks in late 2019. A Christmas Day attack resulted in the Albany County Airport Authority paying a ransom amount reported to be “under six figures.”
The start of the 2019/2020 academic year was marred for at least two schools, as Regis University in Denver, Colorado had its phone and internet service shut down by a ransomware attack, and Monroe College in New York City had its files encrypted by an attacker that asked for $2 million in Bitcoin to restore access to the college’s system.
In June of 2019, the Riviera Beach, Florida City Council voted to pay $600,000 in ransom to hackers that took over the city’s computer system.
Multiple healthcare providers were hit by a ransomware operation last year, with many victims paying the demanded amount. One provider paid $75,000 to decrypt its files.
In what may be the largest attack against a private company in history, Danish company Demant paid approximately $85 million to regain access to encrypted data. The company lost access to 22,000 computers in 40 countries from this malicious software. Its entire workforce of 35,000 people had to resort to using pen and paper until access to systems was regained.
Ransomware Facts & Figures
- While security firm Symantec found that the overall number of ransomware incidents are on the decline (down 20% in 2018 versus 2017), they continue to cause havoc among victims. Enterprise ransomware infections were up by 12% in 2018.2.
- A 2018 study by Bromium suggests this criminal behavior could bring in as much as $1 billion in ill-gotten gains. Ransomware costs businesses over $75 million per year. That figure includes the money paid for ransom, the loss in reputation for the firms, their downtime and other effects of the ransomware infections.
- 10% of all businesses hit by ransomware report the average ransomware demand was $5,000 or more. Nearly 40% of all victims paid the ransom
- IBM says one-quarter of business executives surveyed say they’d be willing to pay between $20,000 and $50,000 to regain access to encrypted data.
55% of survey respondents say they’d have a willingness to pay a ransom to recover access to digital family photos versus 39% of respondents without children.
- Each ransomware incident lasts on an average of 7.3 days, and results in an average downtime cost of $64,645.
- Bitcoin was the currency of choice among ransomware hackers, with around 98% of all ransomware payments being made using the anonymous cryptocurrency.
- The most common types of ransomware are Dharma, Ryuk, and GandCrab, which are all unique in their distribution methods, targets and costs.
Technically unsophisticated groups mostly use Dharma. Ryuk targets larger enterprises, making large ransom demands. (Ryuk was used in the Riviera Beach ransomware attack.) GandCrab is considered the most innovative of the bunch, as developers bundle it with new exploit attacks.
- Data decryption success upon payment of the ransom varied, depending on the virus used to encrypt the system. Dharma variants were the most unreliable when it came to data recovery, while data encrypted using GandGrab TOR almost always resulted in successful decryption.
- A Q4 2019 ransomware report from Coveware found that ransomware payments doubled due to the spread of the Ryuk and Sodonokibi strains. 98% of companies that paid the ransom received a decryption tool from the hacker, with 97% of victims reporting the tool worked to decrypt the files.
- Tech Republic reports that in 2018, 45% of U.S. companies hit with ransomware attacks paid the hackers ransom demands, but only 26% of those had their files unlocked. Organizations that paid the ransom were targeted and attacked again a whopping 73% of the time.
These ransomware statistics & facts are hard hitting and they are many more examples. However as you can see, you must be prepared in case this happens to you.
What to Expect in 2020 and Beyond
Ransomware infections will be sticking around, as the bad guys enjoy a lucrative cash stream. This is especially true now that bad actors can turn to readily-available ransomware packages that require little to no experience using them.
Here are a few predictions for what we might expect in 2020 onward.
- Ransomware operations have generally left the cloud alone. However, as businesses continue to move their servers and data to the cloud, the bad guys are expected to begin targeting this previously safe haven.
- Remote workers, who do much of their work outside the protected perimeter of the corporate network, could be targeted by ransomware bad guys. 25% of all breaches could happen outside of the perimeter in 2020.
- Cybersecurity Ventures expects The financial impact from cybercrime to increase to $6 trillion annually by 2021. Ransomware is expected to get worse and make up a proportionately larger share of cybercrime by 2021.
- In this U.S. presidential election year of 2020, voter registration systems and voting systems could become attractive targets of ransomware-using bad guys. While the Iowa Caucus fiasco isn’t believed to have been caused by malware, try to imagine such a fiasco on election night in November.
As you can see, ransomware is a clear and present danger to users on the internet. Users need to stay alert, avoid clicking on suspicious links on the web and in emails. Running antivirus and anti-malware protection on their computer and mobile devices with help with ransomware detection.
Ransomware Statistics Q&A
What Percentage of Ransomware Victims Pay The Ransom?
Recent data shows that as much as 70% of ransomware victims pay the ransom to retrieve their data. IBM Security’s X-Force researchers found that 20% of organizations hit by ransomware demands paid ransoms of more than $40,000, with 25% paying between $20,000 and $40,000.
How Many Ransomware Attacks Are There Per Day?
The United States Department of Justice estimates that there has been an average of over 4,000 ransomware attacks per day since January 1, 2016. This is a 300% increase from the 1,000 attacks per day mark set in 2015.
Can Ransomware Infect Encrypted Files?
File encryption or even disk encryption cannot protect you against ransomware. Even encrypted files can be encrypted again by the ransomware.
Who Created Ransomware?
The first known ransomware virus, dubbed the AIDS Trojan, was developed by Harvard-trained evolutionary biologist Joseph L. Popp in 1989. 20,000 disks infected with the AIDS Trojan were distributed to attendees of the World Health Organization’s International AIDS conference.
After 90+ reboots of an infected computer, the virus would encrypt the files on the hard drive. To decrypt the files, users would need to pay $189 to a P.O. box located in Panama.
- What Is Ransomware?
- Who Were the Ransomware Victims in 2019?
- Who Was Hit the Hardest by Ransomware Operations in 2019?
- Ransomware Facts & Figures
- What to Expect in 2020 and Beyond
- In Conclusion
- Ransomware Statistics Q&A
- What Percentage of Ransomware Victims Pay The Ransom?
- How Many Ransomware Attacks Are There Per Day?
- Can Ransomware Infect Encrypted Files?
- Who Created Ransomware?