$325 million.
That is the estimated amount American users paid to unlock and restore devices hit by ransomware last year.
A report by Symantec states that ransomware increased 35% in 2015 and is now targeting not only Windows-based systems but also smartphones and systems that run on Mac OS and Linux. Recently, security and antivirus labs reported that attacks on smartwatches and smart TVs are starting to occur, and this has implications for the business world.
So What is Ransomware?
Ransomware is malware that locks a device or encrypts its content and then demands a ransom to unlock or decrypt it. The cost to restore access or decrypt content varies and is usually in the range of $30-300; nonetheless, payments of up to $10,000 have been reported to the Internet Crime Complaint Center (IC3). You may even remember the University of Calgary recently paying a $20,000 ransom after its systems were attacked.
Locking and encrypting malware usually targets vital business systems such as a computer that is processing customer orders, a CRM that is installed on-premises, a database, or another business-critical device or application. This is the classic ransomware attack scenario.
BYOD
The rapid adoption of BYOD (Bring Your Own Device) practices within corporations has increased the risk of a critical mobile device containing essential business data being locked by attackers. A good number of senior executives and high-ranking employees use their own mobile devices to access corporate data and connect to corporate networks.
Recently, security researchers reported that some 85 million devices running Android worldwide are infected with malware that can easily turn into ransomware. This is only one of many existing pieces of malware that can be exploited as ransomware, so corporations should take measures to protect themselves against known security threats of this type. Even the yet-to-be-released Android Nougat operating system does not provide 100% protection against ransomware that can lock users out of their smartphones or tablets. The iPhone is also vulnerable to ransomware attacks, which is one more reason to implement measures to protect business-critical systems and devices.
1 in 200 Infected
Another report claims that at least one mobile device is infected within any organization using more than 200 iOS or Android mobile devices. The report also states that 4% of all mobile devices, including corporate ones, are infected with malware. So chances are good that a device owned by a corporation or used to access corporate systems is infected with ransomware such as screen-lock malware or cryptoware.
The number of reported ransomware attacks on businesses should alarm corporations. Kaspersky Lab reports that between 2014 and 2016, the percentage of corporate users attacked by such malware nearly doubled to 13.2% of all ransomware attacks. So a threat that was aimed primarily at personal users has rapidly evolved into a full-fledged tool to blackmail corporate users.
With such a rapidly growing number of ransomware attacks on business-critical systems and mobile devices, protection against this kind of malware is not only important but should be considered compulsory. Taking into account that such malware is targeting both corporations and public organizations, the estimated cost of damages from ransomware attacks is in the range of hundreds of millions of dollars a year. Protection against ransomware has to be an essential component of any full-fledged antivirus and IT security system aimed at protecting the on-premises systems and mobile devices used by any organization.
Do your IT security system and your employee security training protect you sufficiently? Contact us for a security assessment.