Ransomware is not going away, according to a new study from US-based security outfit Arctic Wolf Networks.
The report, "Infection to Encryption in Three Seconds," found that the threat from ransomware is pervasive. Arctic Wolf Networks, which provides managed security services for SMBs, reports seeing a 433 percent increase in ransomware attacks this year among its SMB customers.
Their findings are reinforced by a Kaspersky Labs report that ransomware attacks have increased five-fold in the course of one year, the researchers said. Additionally, the FBI's Internet Crime Complaint Center reported that a total of 2,453 ransomware complaints were received in 2015, costing victims more than US$24 million dollars.
Their conclusion: ransomware is only growing and businesses, both large and small, need to prepare. "Any cyber hack presents a threat to an organisation, but ransomware does so by making it impossible to conduct business," the report said. "Without access to servers, devices and files, an organisation is crippled, losing money with every minute that passes."
And the consequences resonate further than a one-time financial loss owing to the fact that a ransomware attack is crippling to business operations. Beyond disrupting network operations it can tarnish a firm's branding with its customers, the report said.
The preponderance of ransomware arrives into the organisation via email and using social engineering tactics dupes recipients into clicking on a link that seems legitimate but actually delivers malware. However, the difference between this and other malware, the researchers said, is that it doesn't lie dormant in the system but rather takes immediate action. Within seconds the malware unpacks its load, executes on the infected system and subsequently connects with a remote C&C server to retrieve a key, which is then used to encrypt the victim's files. "It is only a matter of seconds from infection to encryption," the report stated.
Exacerbating the situation, the infection can then spread when a victim passes along an email to colleagues with the malware attachment. As the email arrives from a recognisable and trusted partner, the recipient is inclined to open it, thus spreading the contagion.
What the researchers found is that ransomware is becoming big business, with kits available on underground forums that make it easy for bad actors with little computer skill to get in on the action of extorting money.
In fact, they said, marketplaces on the dark web, such as Hall of Ransom, offer infections and unlocking services. For example, the Locky ransomware is up for grabs at US$3,000 and the simpler-to-use Goliath for US$2,100. Lawrence Abrams of BleepingComputer discredits these offerings, claiming the coding doesn't make sense, and that Goliath may not even exist.
In any case, these illicit sites are certainly multiplying, the report found. Some are even extending their offers to include commission-based deals where the kit is free and miscreants pay off percentages of their earnings.
"The industry is focused on the damage caused by ransomware, and everyone agrees that there is no way to protect yourself completely from this threat," said Brian NeSmith, CEO of Arctic Wolf Networks. "So we need to turn our attention to the effective solution, and that is rapid detection and response."