Threat to SMBs from ransomware on the rise, report

Ransomware is not going away, according to a new study from Arctic Wolf Networks.

The report, "Infection to Encryption in Three Seconds," found that the threat from ransomware is indeed as pervasive as it seems. Arctic Wolf Networks, which provides managed security services for SMBs, reports seeing a 433 percent increase in ransomware attacks this year among its SMB customers.

Their findings are reinforced by a Kaspersky Labs report that ransomware attacks have increased five-fold in the course of one year, the researchers said. Additionally, the FBI's Internet Crime Complaint Center reported that a total of 2,453 ransomware complaints were received in 2015, costing victims more than $24 million.

Their conclusion: Ransomware is only growing and businesses, both large and small, need to prepare. "Any cyber hack presents a threat to an organization, but ransomware does so by making it impossible to conduct business," the report said. "Without access to servers, devices and files, an organization is crippled, losing money with every minute that passes."

Reported ransomware attacks 

  • 433% increase in 2016 ransomware attacks 
  • 5x increase in the course of one year 
  • $24M in victim costs in 2015

Source: Arctic Wolf Networks

And the consequences extend beyond a one-time financial loss, because a ransomware attack cripples business operations. Beyond disrupting network operations, it can tarnish a firm's brand with its customers, the report said.

Most ransomware arrives in the organization via email, using social engineering tactics to dupe recipients into clicking on a link that seems legitimate but actually delivers malware. The difference between this and other malware, the researchers said, is that it doesn't lie dormant in the system but takes immediate action. Within seconds the malware unpacks its payload, executes on the infected system and then connects to a remote C&C server to retrieve a key, which is used to encrypt the victim's files. "It is only a matter of seconds from infection to encryption," the report stated.

Exacerbating the situation, the infection can then spread when a victim passes along an email to colleagues with the malware attachment. As the email arrives from a recognizable and trusted partner, the recipient is inclined to open it, thus spreading the contagion.
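The infection-to-encryption sequence described above (execution, an outbound connection, then file encryption within seconds) can be expressed as a correlation rule over endpoint events. The following is an added example, not taken from the report or from Arctic Wolf; the event names, thresholds and sample telemetry are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds for illustration; the report gives no detection values.
WINDOW_SECONDS = 10       # burst must fall this soon after process start
MIN_FILES_REWRITTEN = 20  # distinct files rewritten to count as a burst

def build_sample_events():
    """Constructed telemetry: (seconds, pid, event, detail). Not real data."""
    ev = [(100.0, 4120, "proc_start", "invoice_viewer.exe"),
          (100.8, 4120, "net_connect", "203.0.113.7:443")]  # TEST-NET address
    ev += [(101.0 + i * 0.1, 4120, "file_write", f"C:/Users/a/Documents/doc{i}.docx")
           for i in range(25)]
    # Backup tool: many writes, but no outbound connection and spread over minutes.
    ev += [(50.0, 3000, "proc_start", "backup.exe")]
    ev += [(60.0 + i * 30, 3000, "file_write", f"D:/backup/f{i}.bak") for i in range(25)]
    # Browser: outbound connection, but only one file written.
    ev += [(10.0, 2000, "proc_start", "browser.exe"),
           (10.5, 2000, "net_connect", "198.51.100.4:443"),
           (11.0, 2000, "file_write", "C:/Users/a/Downloads/report.pdf")]
    return sorted(ev)

def detect_fast_encryption(events, window=WINDOW_SECONDS, min_files=MIN_FILES_REWRITTEN):
    """Flag processes that connect out and then rewrite many files within
    `window` seconds of starting."""
    started, first_conn, written, alerted = {}, {}, defaultdict(set), set()
    alerts = []
    for ts, pid, kind, detail in sorted(events):
        if kind == "proc_start":
            started[pid] = (ts, detail)
        elif kind == "net_connect":
            first_conn.setdefault(pid, detail)  # keep the first remote endpoint
        elif kind == "file_write" and pid in started and pid in first_conn:
            t0, name = started[pid]
            if ts - t0 > window or pid in alerted:
                continue
            written[pid].add(detail)
            if len(written[pid]) >= min_files:
                alerted.add(pid)
                alerts.append({"pid": pid, "process": name,
                               "remote": first_conn[pid],
                               "seconds_since_start": round(ts - t0, 1)})
    return alerts

if __name__ == "__main__":
    for alert in detect_fast_encryption(build_sample_events()):
        print("ALERT", alert)
```

Because the whole sequence completes in seconds, a rule like this is only useful when its alert triggers an automated containment step rather than waiting for manual review.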

What the researchers found is that ransomware is becoming big business, with kits available on underground forums that make it easy for bad actors with little computer skill to get in on the action of extorting money. In fact, they said, marketplaces on the dark web, such as Hall of Ransom, offer infections and unlocking services. For example, the Locky ransomware is up for grabs at $3,000 and the simpler-to-use Goliath for $2,100. Lawrence Abrams of BleepingComputer discredits these offerings, claiming the coding doesn't make sense, and that Goliath may not even exist.

In any case, these illicit sites are certainly multiplying, the report found. Some are even extending their offers to include commission-based deals where the kit is free and miscreants pay off percentages of their earnings.

"The industry is focused on the damage caused by ransomware, and everyone agrees that there is no way to protect yourself completely from this threat," Brian NeSmith, CEO of Arctic Wolf Networks, told SCMagazine.com on Friday. "So we need to turn our attention to the effective solution, and that is rapid detection and response."
