The True Scope of the Ransomware Problem
Nobody is going to deny that ransomware is a problem. Most probably won’t even deny it’s both a large and growing problem. Yet there’s a problem with that assessment. We can only rely on the information that companies are willing to talk about.
Let’s step away from ransomware for just a second and talk about traffic accidents, just to make a simple comparison. Most traffic accidents are reported to authorities. As part of their duties those authorities keep track of traffic accidents. There’s plenty that can be learned from information like this (chronically bad roads, vehicle defects, etc.). Because of this, specific legal obligations kick in when someone’s involved in an accident, so it’s reasonable to assume that most traffic accidents wind up getting reported despite the occasional hit and run.
The same is not true of ransomware infections. There are currently no legal requirements for ransomware infection reporting in place. You are “encouraged” to contact the RCMP, but there is zero legal compulsion, and “encouraged” in this case means there’s a note on their website that no one would find if they didn’t go deliberately looking. Of course, in the event of personal information or health record leaks there are definite reporting obligations, but that has no impact when data is just held hostage. This means that the data we have about ransomware infections only comes from the organizations that step forward and go public about their situation. We can only guess at the number of infections, ransom amounts paid, or disruption caused to any organization that chooses not to disclose.
What’s worse is that regardless of the lack of legal reporting obligations, the publicly available numbers are already pretty staggering. In fact, there’s an entire website dedicated to tracking ransomware numbers.
RansomWhere is a website that tracks voluntarily reported ransomware information. At the time of distribution, the total amount paid out due to ransomware infections over the whole of history is just over $107 million USD. Also, the problem seems to be growing because the total amount paid this year is just over $45 million. That’s almost half of their estimated total. Moreover, because the site relies on voluntary disclosure, those numbers are obviously incomplete. I personally know of multiple ransomware infections that weren’t disclosed, along with multiple known infections whose payment details were never disclosed. In other words, the actual amount being paid out due to ransomware is much, much higher.
So what does all this mean? Well, there are plenty of implications, but in this case, it means those criminals have a lot of money.
Ransomware gangs have been around for years now, and just because they’re criminals doesn’t mean they’re fools easily parted with their ill-gotten gains. If anything, it means quite the opposite. They’re investing that money in their criminal enterprises. You can be certain that they invest that ransom money into improving their tools and software, keeping abreast of patches and updates, and hiring new talent. In fact, I recently read an article about research showing ransomware groups now have enough assets to compete with nation-states for purchasing zero day vulnerabilities.
Clearly building ransomware defenses into your cyber security program from the ground up is a must. If you don’t know where to start, assume you were the victim of a massive ransomware attack, and build a disaster plan to recover from that situation. Then, work your way backwards through it. For example, as part of your plan, you’ll need to have backups, so make sure those get set up. You’ll also need to protect those backups, so add that to the list. You’ll probably want to make sure that the backups actually work, so set up a test routine. And so on.
While this is not complicated and doesn’t require a lot of experience or know-how, it does require time, effort and money. In turn, your plan needs support from the ones who approve policy and changes in your organization. The drive for security shouldn’t be coming from your IT department. It needs to come from the top down.
Today’s Shakespeare comes from Henry VI, “Wise men ne’er sit and wail their loss, but cheerily seek how to redress their harms.”
If you have any questions about ransomware, please reach out to your TRINUS Account Manager for some stress-free IT.
By Kind, Courtesy of Your Friendly Neighbourhood Cyber-Man.