BLOGUE

It's Time You Get Serious About Ransomware

Rachael Shah Miniatura
Raquel Xá
Published September 20, 2022

I can’t stop thinking about ransomware.

Honestly, up until a month ago you’d find me patrolling the internet for the latest celebrity gossip. Or spending hours getting lost in how I should prep my lawn for next year and what’s the secret to perfect empanada dough. Any leftover brainpower I’d dedicate to breaking down restaurant reviews and finding advice to keep my Great Pyrenees, Jack, healthy and happy—not to mention quieter.

Ransomware was not on my radar.

But that’s changed.

I can’t fully explain the shift except that somehow, someway the magnitude and consequences of ransomware attacks really sunk in.

Simply put, ransomware is scary. It’s devastating.

Or, as F5 CEO François Locoh-Donou put it, ransomware is an epidemic the entire world’s facing.

These are some of the facts that really opened my eyes to how serious a threat ransomware continues to be and why I can’t stop thinking about it:

Ransomware criminals don’t discriminate—they can target anyone, anywhere.

You could be next. Or me. Or your grandparents. Or the local, small business where you grab coffee every Saturday morning. The schools your children are going back to aren’t safe. The NBA isn’t even off limits. Or the healthcare systems we all rely on so much, making the consequences of ransomware truly life or death. Ransomware attacks can lead to the end of a business or livelihood. No one is immune from ransomware attacks. Not even large enterprises with dedicated security teams to build out intensive security strategies. I mean, just the other day Cisco reported a ransomware attempt after confirming its systems were breached a month ago.

Ransomware gangs are demanding—and they keep upping the ante.

Known ransomware payments totaled a jaw dropping $400 million globally in 2020 and topped $81 million just in the first quarter of 2021. What got it so high? Well, cyber criminals are greedy. Over two-thirds of organizations that were victims of ransomware saw combined losses between $1 million and $10 million in 2022. And ransomware criminals keep expanding their arsenal of extortion tactics. First there was single extortion, the classic ‘we’ve encrypted your files and you can’t access them until you pay up’ kind of play. Then entered double extortion in 2020, where your stolen information’s threatened to be made public. Nowadays ransomware gangs can choose triple extortion, a ripple effect where critical or sensitive information on customers, relatives, or any other entity stolen from the main victim is leveraged to extort those affiliates. Ransomware gangs may also launch DDoS attacks against a victim’s websites and applications, in addition to all other forms of attack. So, maybe that’s a quadruple attack?

Ransomware attacks are happening at an increasing rate—and show little signs of slowing down.

Within the last few years ransomware grew from less than 6% of all data breaches in 2019 to a whopping 42% of all data breaches in 2021. That’s alarming. But it makes sense, unfortunately. After all, one of the main gateways for executing ransomware attacks is through phishing. It should be a good thing that 90% of all internet traffic is encrypted today. But with good comes bad. And in the case of ransomware, cyber criminals are taking advantage of this protection and hiding their malware to try and go undetected. Since 83% of phishing websites are now encrypted, ransomware gangs have a massive playground. The rise in attacks are also fueled by hackers making it easier for just about anyone to execute their own extortion plans by selling ransomware services and software. What used to require a level of technical sophistication can be purchased—cheaply at that—and launched by virtually anybody now.

Ransomware attacks are crushing and disruptive.

They need to be taken seriously.

Unless you can predict the future, you’ll never fully know when a ransomware-focused group or individual might target you. It’s important to take a proactive, defensive approach. Specific efforts will vary in size, shape, and scope, but the easiest thing anyone can do starting right now—whether it’s you, me, your grandma, or any small business to large enterprise—is get informed. Be aware. Educate others on the ransomware threat landscape.

Don’t fall victim to opportunistic cyber criminals trying to score quick cash—or crypto—at you or your organization’s expense.