In 2017, there were 184 million ransomware attacks worldwide. Although this is less than the 638 million incidents in 2016, it’s clear that ransomware is still thriving. In fact, cyber criminals are becoming more prevalent, more sophisticated and much more clever.
But, what do these attacks actually look like? And what are the potential effects of a successful ransomware attack on your business?
Ransomware attacks in action
“Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact”
It’s thought that phishing emails cause 46 percent of ransomware attacks, with 36 percent being a result of lack of employee training. Without the right training or defence mechanisms, ransomware could infiltrate your business in the blink of an eye, costing you your revenue and reputation.
To give you an idea of how bad a ransomware attack can be, here are three ransomware stories that will blow your mind.
In May 2017, the ‘WannaCry’ malware spread through computer networks across the globe. Exploiting a vulnerability in Microsoft Window’s operating system, it enabled hackers to encrypt organisations’ files.
Victims were then sent a note demanding $300 (£228) worth of Bitcoins in exchange for the decryption key.
Who did it affect?
Estimates suggest that WannaCry affected around 300,000 organisations worldwide. Most notably, however, were:
- The National Health Service (NHS), the UK’s biggest health provider
- Telefonica, a technology company and the parent to brands such as O2, Movistar and Vivo
What makes it so mind blowing?
WannaCry is one of the most fast-spreading ransomware strains ever. Within four days of its discovery, Avast had detected 250,000 instances of the bug across 116 countries. And, if that’s not worrying enough, the malware is still active a year later.
Not long after the WannaCry disaster, NotPetya took to the stage. Using the same Windows exploitation this ransomware strain began to spread quickly in the same way as WannaCry a few weeks earlier.
This malware, like many strains of ransomware, encrypted files and demanded Bitcoin payments. Overall, it’s thought the attack cost companies a mind-blowing $892.5 million (£677.8 million) in lost revenue.
Who did it affect?
Much like WannaCry, NotPetya’s victims were big, high profile companies. They included:
- TNT express, a subsidiary of FedEx
- Maersk, one of the world’s largest container shipping operators
Why was it so mind blowing?
NotPetya hit companies hard. FedEx lost $300 million in quarterly earnings and were still trying to restore their computer systems a month after the attack.
What You See Is What You Encrypt, otherwise known as WYSIWYE, is an example of ransomware evolution.
According to PandaLabs, hackers now have access to user-friendly interfaces which allow them to adapt malware with their target in mind before deploying it. Ultimately, this means that hackers have the potential to personalise the communications they send and handpick the files they’d like to encrypt.
Who did it affect?
It’s fair to say that WYSIWYE hasn’t plastered the news headlines to the same extent that WannaCry and NotPetya have. However, Panda Security do believe that WYSIWYE has affected numerous companies, including a hotel in Austria where visitors found themselves locked out their rooms.
Why is it so mind-blowing?
Cybercriminals spend their lives worming their way around company security defences. WYSIWYE is another example of criminals adapting in order to target companies in more sophisticated, personal ways.
Don’t wait for a ransom note
We hope these stories show the importance of protecting your business from ransomware. It is still as prevalent as ever, with hackers becoming more ruthless. To ensure your business isn’t targeted, it’s vital you invest in the right security measures, IT support and employee training.
When it comes to ransomware, protection is only half the battle. If you want to know how to respond to a successful ransomware attack, why not download our disaster response plan? If you do, you'll learn how to protect your business when it counts.