A new study by Trustlook, a cyber information and security firm, revealed that not only are hospitals and larger organizations hit by ransomware, but individual consumers are too. The number of ransomware attacks in general increased but the number of consumers that paid for the return of their data increased also. Consumers proved far less safe than a company’s cybersecurity infrastructure, and therefore stood out as easy targets.
In February, the Department of Justice called cybercrime “one of the greatest threats facing our country,” and that “[Cybercrime posed] enormous implications for our national security, economic prosperity, and public safety.” The DoJ prediction, so far, proved completely accurate. We have seen a new attack, data breach, or similar type of cybercrime on a near-daily basis.
Ransomware, until the latest release by the Shadow Brokers took the award for one of the most commonly used words and commonly used forms of malware. This year is not alone with respect to ransomware; Trend Micro reported that last year, this industry, for lack of a more fitting term, accumulated a combined revenue of $1 billion. One area that did change this year, though, was the addition of personal ransomware kits. Hackers started selling their wares on the darknet. It requires little skill for anyone to either purchase a “kit” that they could use for deploying ransomware or hiring another hacker to accomplish the job for them.
Trustlook found that many consumers lacked cybercrime awareness. This included ransomware. Companies, especially large or health-care related ones, have much deeper pockets than the average consumer. They are often willing to pay far more than any average consumer could pay. But companies started wisening up. Employees attended cybersecurity seminars. IT departments advanced in capability. Companies learned how to adapt, or at least how to learn their chances of becoming a target.
The average consumer, however, had not learned their lesson—as of the trust look study. Almost half the consumers interviewed by the firm found themselves unaware of the ransomware threat. Or, at the very minimum, that 48 percent did not worry about ransomware. Only 7 percent said that they would pay the ransom, if necessary.
- 17% of consumers have been infected with ransomware
- 38% of affected consumers paid the ransom
- $100-$500 was the dollar range of ransomware payouts by consumers
- 45% of consumers have not heard of ransomware
- 23% of consumers do not backup the files on their computer or mobile device
Allan Zhang, the CEO of the cybersecurity firm, said the increased use of pseudo-anonymous cryptocurrencies played a major role in the increased ransomware attacks. Additionally, unlike many traditional pieces of malware, ransomware is often delivered by email. The once-preventive line of defense, anti-virus software, became far less useful in 2017. Malware progressed at an increased rate, ransomware included. Anti-virus software historically lacked effectiveness when email-linked malware was the threat.
The CEO offered one piece of advice to consumers: “Backup your data to multiple devices, and to at least one device that is not connected to a network.” He added to “be cautious of emails by checking the sender’s email address before clicking any link.”