Beware of this piece of malware that’s especially damaging for any data-driven organization.
It disguises itself as an email from a legitimate company, but attached is a file that will cost your business money and downtime.
What’s most dangerous about this malware is its legitimate appearance.
You may think that you’re opening an email from your boss, but you’re actually allowing malware to hold certain types of files hostage.
And that means you cannot access your files until you pay the ransom.
We’re talking about CryptoLocker.
And because of its plan of attack to collect funds, it’s also known as “ransomware.”
The average cost per ransomware attack to businesses was $133,000 in recovery costs in 2017, according to The State of Endpoint Security Today report published by Sophos.
But this cost doesn’t include only recovery fees – it also includes ransom, lost hours, downtime, device and network costs and lost opportunities.
And for some businesses, the monetary loss was much higher. In fact, 5 percent of respondents reported ransomware attacks that costed $1.3 to $6.6 million.
How can CryptoLocker Access Your Files?
Commodity groups are considered ransomware-as-a-service operations. In other words, there’s a team of criminals who work together to spread ransomware to as many victims as possible.
First, ransomware authors develop a new or updated strain. Then, they invite commodity groups to use it in exchange for a cut of each successful ransom payment.
Some of the most recent operations that were found this year are GandCrab, Saturn and Data Keeper.
If commodity groups aren’t dangerous enough for your RaaS, their partner in crime is even craftier when it comes to choosing their victims.
So it seems that there’s no known requirement that an organization must have in order to become the victim of a targeted group ransomware attack, but healthcare systems are evident in the trend.
There are many theories as to why healthcare organizations are targeted, such as willingness to pay large sums quickly and being notorious for using out-of-date systems.
The first theory proved to be true in one case when SamSam authors collected $55,000 in ransom from Hancock Health, a regional hospital in Indiana, earlier this year.
Hospital officials said they paid the attackers because restoring from backups would’ve taken days or weeks, and the organization needed access to the files much sooner.
So after paying the ransom, it was determined that backup files were corrupted so restoring was unsuccessful.
Along with healthcare organizations, financial and professional services also tend to be targeted. Other businesses, such as retail, manufacturing, education and hospitality showed to be lower on the target list, according to Beazley 2018 Breach Briefing.
WannaCry makes Ransomware History
The hacking tool, ETERNALBLUE, targeted the vulnerability in the SMB protocol that was specifically addressed by a critical Microsoft update, MS17-010.
It’s been revealed that nearly all of the computers that were attacked by WannaCry were running an outdated Windows OS that hadn’t been patched.
Fortunately, not many users were fooled by WannaCry. Only 0.07 percent of victims paid the ransom, which was only 314 payments, making the net balance a little over $120,000, according to a statistic used in a blog post by Barkly.
Ransomware numbers Decline … for now
As you can see, ransomware is still out there, attacking companies and costing millions.
And this vicious malware is predicted to do more damage in the future.
The global damage costs connected with ransomware attacks is expected to reach…
Are your business files protected from Ransomware?
Click on the button below, and Acumen will show you how to make sure, step-by-step.