A New Threat on the Rise: Ransomware 2.0

You’re working diligently to reach your deadline, just a little while longer before your project is completed, when all of a sudden a command prompt takes over your monitor. You are now denied access to your system.

The monitor reads:

Very bad news! I am a so-called ransomware/locker with the following advanced functions:
Encrypting all your data…..Done!
Collecting all logins, contacts, email, Passwords and Skype History…..Done!
Uploading all of it on a server …………………Done!
Sending a copy of those datas to ALL of your contacts…………..Pending

Now here is some good news:
The pending task won’t be executed and all your files will be decrypted as soon as you send at least $5000 worth in BTC within 72h to the following address

Now make your decision: Accepting the loss of privacy and data or sending the payment.

Needless to say, cyber-attacks and hacking methodologies are becoming increasingly sophisticated. According to the Cisco 2016 Midyear Cybersecurity Report, businesses are poorly prepared to deal with the next wave of even more sophisticated attacks.

The newest and most notorious amongst hacker schemes is ransomware. This type of malware prevents or limits users from accessing their system, by encrypting files. The victim is then required to pay a ransom in order to have their files unlocked.

According to the FBI, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a huge surge from 2015, when attacks cost U.S. victims $24 million in total. These numbers indicate a clear and alarming trend.

Ransomware Is on the Rise

Security research firm Malwarebytes reported that nearly 41% of U.S. businesses experienced an attack in the past year. Even worse, in the UK, 54% of surveyed businesses have been targeted with ransomware. The same research team revealed that more than one-third of ransomware victims have lost revenue as a result of an attack.

Andy Buchanan, area vice-president for the UK and Ireland at security firm RES, said the research shows just how big an issue ransomware has become in the UK.

“Cyber insurance is fast becoming something every organization should have,” he added. “Think of the costs of a ransomware attack – legal fees, lawsuits, security – these all add up to a very expensive post-attack cost that no organization wants to take on – and we haven’t even touched on reputation.”

SMBs Lack the Resources to Fight Off Ransomware

After extorting millions from consumers, hackers figured out that small and medium-sized businesses make better targets. Let’s face the facts: most SMBs do not have the funds, sufficiently trained IT staff, redundant backup systems or advanced firewall and spam appliances in place to prevent or properly respond to a ransomware infection. This makes SMBs prime candidates for cyber-extortion: because their data is likely crucial to running their operation, they are more willing to pay the price.

One in Five Businesses Hit by Ransomware Are Forced to Close

It’s no secret that productivity loss is an expensive problem and companies are required to spend a significant amount of time on remediation.  The vast majority of small businesses hit by ransomware are down for two or more days.  Factoring in the cost and the average amount of time lost to an infection, the Aberdeen Group, a business consultancy, estimates that one hour of downtime costs a small business an average of $8,581.

Ransoms demanded can be quite significant: over 20% of attacks demand more than $10,000. Certain industries are more vulnerable than others. In a hospital, locked computer systems could mean that patients are improperly treated, creating significant liability. Los Angeles Hospital recently paid a $17,000 ransom to unlock their systems.

Paying the Ransom Can Be Tricky

Hackers demand payment in Bitcoin and usually give victims 48-72 hours to pay up.  Most businesses, however, do not readily have Bitcoins available and it could take up to five days to acquire them.  By then, the deadline has expired and the ransom price may have been increased markedly. As a result, banks are stockpiling Bitcoin as a precautionary measure in case they become infected with ransomware. Even if the ransom is paid, numerous IT heads reported incidents where data was not restored and others have reported immediately being attacked again.

The Problem Is Getting Worse

The cost of ransomware attacks is projected to reach $1 billion for 2016. In addition, attack incidents are expected to double in 2017, and enterprise-targeted ransomware attacks have become common. As a result of the success and profitability of ransomware attacks, this method of organized crime will continue to proliferate and become more sophisticated, highlighting the need for all organizations to have a comprehensive cyber insurance program.

Current Need for Cyber-Insurance

From a technological standpoint, it is impossible to achieve perfect cyber-security protection, even with the best staff and IT equipment available. This is precisely why security researchers recommend cyber-insurance as a tool for effective risk management and why most corporations now have a cyber-insurance program in place as part of their overall package.

Cyber, Privacy & Security Liability coverage affords a Cyber Extortion Coverage grant which can protect your business from ransomware and other cyber extortion threats. If your organization does not have a well-vetted cyber-insurance program in place, there is no doubt you should look at your options.

To learn more about the coverage and all that Cyber, Privacy & Security Liability products have to offer, do not delay in contacting us at ARC Excess & Surplus. We will certainly assist you in this process.
