Security Trends/Attacks
Arctic Wolf Networks

Five Gravely Unsettling Facts About Ransomware

Three seconds.

That’s how much time you have to prevent ransomware from locking your data upon infection. In other words, organizations really have only one shot to stop it. That usually comes in the form of a call back to a command-and-control server for the encryption key. And sometimes you won’t even have that luxury – more advanced strains such as WannaCry don’t need to call home to start encrypting files. In those cases, your best defense is your incident response: How quickly can you stop the pestilence from spreading, and what data recovery mechanisms do you have in place? (And no, paying is not an option.)

If you’re not afraid of ransomware, you should be. Here are five more reasons why:

1. It’s the Top Threat to Health Technology

Ransomware recently took the no. 1 spot on The Emergency Care Research Institute’s “Top 10 Health Technology Hazards for 2018.” Encryption malware has devastated health care facilities in the past few years, primarily because they’re the perfect target in a hacker’s mind. In addition to the threat to patients that may result from an intrusion, hospitals and other medical institutions are at risk of facing heavy penalties under HIPAA if they fail to maintain ePHI availability. Not to mention that in the years to come, it won’t just be computers that are affected by ransomware. Internet-connected devices will be vulnerable, too (read more on that, here).

2. It’s More Lucrative than Legal Software Development

According to Gizmodo, legal software developers earn, on average, around $70,000 annually. Astonishingly, that’s $30,000 less than the average ransomware developer earns. That’s right: Ransomware developers rake in about $100,000 annually from an underground economy. That income is primarily the result of other hackers who want to buy these weapons of mass encryption. With that kind of money funding the world’s most dastardly cybercriminals, there’s little doubt in our minds that ransomware’s reign is only just beginning.

3. It Costs the Global Supply Chain Hundreds of Millions of Dollars

On Nov. 7, shipping giant Maersk confirmed to the public what it had already believed to be true: that NotPetya had a $300 million impact on its Q3 revenues. Incidentally, FedEx also reported a $300 million loss as a result of NotPetya’s June blitz. That’s $600 million in damages between just two companies from a single strain of malware – and it may get worse before it gets better. According to Ship Technology contributor, Joe Baker, the Maersk cyberattack may be an indicator that shipping companies are “dangerously unprepared,” for cyberattacks. Hopefully, time will prove that theory wrong.

4. It Prompted US Legislation

Speaking of shipping and the global supply chain, the House of Representatives’ Homeland Security Committee signed off on a bill that seeks to more effectively protect U.S. ports from cyberattacks. The muse for the legislation (called “the Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act”) was none other than NotPetya. The ransomware’s summer tear forced the shutdown of the largest terminal at the Port of Los Angeles.

5. It’s Evolving (Again)

Finally, ransomware is always changing. Case in point, a new strain of Locky has emerged, according to ZDNet. This new iteration, called Diablo6, is more elusive than its predecessors, and many traditional antivirus tools may fail to detect it. But Locky isn’t the only strain having a breakout moment. GIBON also made a debut recently. And while less complex than Locky, ZDNet pointed out an unfortunate truth about ransomware: It doesn’t have to be complex; it just has to work. The fact that Bad Rabbit, WannaCry and Diablo6 are sophisticated makes the problem that much more daunting, and for that matter, makes strong incident response that much more integral.