[BreachExchange] Paid in the USA: Americans more likely to pony up when infected with ransomware

Destry Winant destry at riskbasedsecurity.com
Thu Apr 27 00:11:14 EDT 2017


https://www.scmagazine.com/paid-in-the-usa-americans-more-likely-to-pony-up-when-infected-with-ransomware/article/653106/

The U.S. suffered 34 percent of global ransomware infections last year –
and it's no wonder why, with 64 percent of Americans willing to pay to
retrieve their encrypted files, compared to just 34 percent of victims
worldwide, according to the 2017 Internet Security Threat Report from
Symantec.

And yet, paying the ransom doesn't guarantee a satisfactory resolution, as
only 47 percent of global victims who paid up in 2016 reported getting
their files back, the reported noted.

Based on data accumulated from Symantec's Global Intelligence Network,
antivirus ransomware detections increased by 36 percent from 2015 to 2016,
from 340,000 instances to 463,000 – although many more attacks were blocked
earlier in the infection process.

The number of new ransomware facilities discovered also jumped last year,
from only 30 in 2015 to 101 in 2016. The number of new variants of existing
ransomwares, however, dipped. “It suggests that more attackers are opting
to start with a clean slate by creating a new family of ransomware rather
than tweaking existing families by creating new variants,” the report
explains.

Ransomware infected machines operated by individual consumers 69 percent of
the time, although Symantec noted that attackers are also developing more
sophisticated attacks against businesses, silently penetrating their
networks and moving laterally until they can encrypt multiple machines.

The price off ransom demands also skyrocketed, climbing 266 percent last
year, from an average of $294 in 2015 to $1,077 in 2016. Symantec also
reported evidence that ransomware attackers have begun customizing
individual ransom demands based on the type of volume and data they have
encrypted.

The growing threat of ransomware was further underscored by a second newly
research document, 2017 Global Threat Intelligence Report from NTTSecurity,
which found that 22 percent of all global incident engagements were related
to ransomware, more than any other category of attack.

Of the ransomware attacks observed via NTTSecurity's intelligence network,
77 percent were concentrated among four industries – business and
professional services (28 percent), government (19 percent), health care
(15 percent), and retail (15 percent).

Half of all incidents affecting health care organizations involved
ransomware. “This may indicate that attackers have identified health care
institutions as a vulnerable target more willing to pay ransom than other
sectors,” the report notes.

Neither report was limited exclusively to ransomware.

Noting the emergence of the Mirai IoT botnet in 2016, Symantec reported
that the number of unique IP addresses targeting its honeypot almost
doubled from January to December 2016, from 4.6 per hour to 8.8 per hour.
The company also noted that the use of JavaScript downloaders and malicious
macro downloaders in Microsoft Office files resulted in slightly over 7
million attempted infections in last year. And while total data breach
figures held steady, the number of identities stolen practically doubled
from 2015 to 2016, from 563.8 to 1.1 billion.

Meanwhile, NTTSecurity reported that 73 percent of malware programs
delivered to organizations in 2016 were the result a phishing attack.
Moreover, 30 percent of attacks detected worldwide targeted end-user
technology such as Adobe products, Java and Microsoft Internet Explorer.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170426/2e433110/attachment.html>


More information about the BreachExchange mailing list