WannaCry, ExPetr, and BadRabbit proved that cybercriminals can wreak havoc on corporate networks. Here's what new threats may be on the horizon.
In 2017, ransomware evolved suddenly into a crisis for enterprises around the world, leading Kaspersky Lab to name the threat the "key topic" of the year, according to a new report.
Ransomware continues to plague businesses: In 2017, 26% of ransomware targets were business users—up from 23% in 2016. This increase is due in large part to three major, sophisticated attacks: WannaCry in May, ExPetr in June, and BadRabbit in October.
Each of these attacks leveraged exploits designed to compromise corporate networks, the report noted. These exploits were leaked online in the spring by hacker group Shadow Brokers.
"The headline attacks of 2017 are an extreme example of the growing criminal interest in corporate targets. We spotted this trend in 2016, it has accelerated throughout 2017 and shows no signs of slowing down," Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, said in a press release. "Business victims are remarkably vulnerable, can be charged a higher ransom than individuals, and are often willing to pay up in order to keep the business operating. New business-focused infection vectors, such as through remote desktop systems, are not surprisingly also on the rise."
Some 65% of businesses hit by ransomware in 2017 said they lost access to a significant amount of data, or even all of their data, the report found. And sometimes paying the ransom did not make a difference: One in six of the businesses that paid never recovered their data.
Overall, about 950,000 unique users were hit with ransomware in 2017—down from about 1.5 million in 2016. This large discrepancy is primarily due to better detection methodology, rather than a decrease in attacks, the report noted.
There was also a decline in new families of ransomware, with 38 families found in 2017, down from 62 in 2016. However, this corresponded to an increase in modifications to existing ransomware, with more than 96,000 new modifications detected in 2017, compared to 54,000 in 2016.
Ransomware attacks will continue into 2018, Sinitsyn wrote in a Tuesday blog post. Kaspersky Lab predicts that we will see a rise in cryptocurrency mining or targeted attacks for the purpose of installing miners, which can result in more money for criminals over time.
"One thing's for sure, ransomware won't just disappear - neither as a direct threat, nor as a disguise for deeper attacks," Sinitsyn wrote.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- In 2017, 26% of ransomware targets were business users—up from 23% in 2016. -Kaspersky Lab, 2017
- 65% of businesses hit by ransomware in 2017 said they lost access to a significant amount of data, or all of their data. -Kaspersky Lab, 2017
- About 950,000 unique users were hit with ransomware in 2017—down from about 1.5 million in 2016. However, this drop is primarily due to better detection methodology, rather than a decrease in attacks. -Kaspersky Lab, 2017