Businesses are now paying an average of $1,400 to rescue their IT systems from ransomware according to a new report from business cloud services provider Intermedia. According to Cybersecurity Ventures, global damages from such attacks are expected to surpass $5 billion this year.
Among the most damaging ransomware attacks to date in 2017, the worst by far was NotPetya, according to a separate report released today by the IT security firm Webroot. The company called this year's ransomware threats "unlike anything we've ever seen."
Europol recently echoed that assessment in its annual threat report, which placed some of the blame on growing connectivity aggravated by poor digital hygiene and security practices. What's more, Intermedia warned that ransomware attacks are not only growing worse, but are driving a vicious circle in which victim payments are helping to fuel subsequent waves of attacks.
Employers and Employees Alike Are Paying
In its second installment of a three-part report on data vulnerability, Intermedia today found that business efforts to educate employees about the risks of ransomware are falling short. As a result, poor security practices and workplace confusion are driving IT-related ransom payments to record heights.
The threat is especially great for small and medium-size businesses that might not have the security and training resources of larger enterprises, according to Intermedia CTO Jonathan Levine.
"Ransomware can infiltrate and shut down an entire business through one infected computer," Levine said in today's installment of Intermedia's 2017 Data Vulnerability Report. "More often than not, SMBs feel they are forced to pay a ransom they can't, but must, afford. And hackers realize this."
Based on an online survey of more than 1,000 office workers, Intermedia found that the costs of ransomware attacks are falling on both businesses and their employees. Fifty-nine percent of those surveyed said they had personally paid a ransom following a work-related IT threat, while 37 percent reported their employers had paid ransoms. Among Millennials, the most digitally savvy generation in the workplace, 73 percent of those affected by IT threats on the job said they had personally paid a ransom.
"Employees may see paying the ransom out of their own pockets as the quickest and easiest way to get their data back, when in actuality, 19% of the time the data isn't released, even after the ransom is paid," the report stated. "Organizations need to focus education efforts not just on what ransomware is, but what steps employees should take if they are impacted."
Worst 2017 Attack 'Engineered To Do Damage'
Of the many ransomware threats that hit globally this year, the most destructive was NotPetya, also known as Petya, according to a Webroot assessment released today titled "Top 10 Nastiest Ransomware Attacks of 2017." The NotPetya attack came in at number one because it was "engineered to do damage to a country's infrastructure."
Emerging in June, NotPetya spread from Ukraine and Russia to cripple thousands of business systems around the world. Distributed through legitimate tax accounting software from a Ukrainian company, NotPetya proved to be more of a wiper-based attack than ransomware, with victims having no effective way to make and verify ransom payments.
Like WannaCry, another malware attack launched this year, NotPetya was based on EternalBlue, a Microsoft vulnerability that had been exploited for years by the U.S. National Security Agency before it was stolen and revealed by the Shadow Brokers hacking group in April.
NotPetya "wasn't designed to extort money from its victims like most ransomware," Webroot said. "It was created to destroy everything in its path."
In its Q3 2017 earnings call last week, for example, the pharmaceutical company Merck revealed that the NotPetya attack in June led to $135 million in lost sales and another $175 million in other costs. It added that it expected to report similar damages in its fourth-quarter results.
Following NotPetya, the rest of the year's top 10 list of most damaging ransomware attacks is: 2) WannaCry, 3) Locky, 4) CrySis, 5) Nemucod, 6) Jaff, 7) Spora, 8) Cerber, 9) Cryptomix, and 10) Jigsaw.
"This list is further evidence that cybercriminals will continue to exploit the same vulnerabilities in increasingly malicious ways," David Dufour, Webroot's vice president of engineering and cybersecurity, said in a company statement. "Although headlines have helped educate users on the devastating effects of ransomware, businesses and consumers need to follow basic cybersecurity standards to protect themselves."
In its report today, Intermedia recommended that organizations do more to educate employees on how to respond to ransomware attacks and have backup measures in place.
"Even once the initial damage is done, educated employees can still help to contain the infection by closing their computer to get it off the network," Intermedia said. "Employees need to know about the dangers of dealing with cybercriminals directly. Organizations cannot let shame or lack of knowledge drive their employees to feel like paying a ransom themselves is even an option. Simultaneously, organizations should have a continuous backup product. This will reduce the file restoration process down to minutes. Productivity won't be held at a standstill, and businesses won't need to pay the ransom in the first place."