Since the end of 2020, everyone in the field of cybersecurity has been talking about Ransomware. It’s the primary topic of discussion in blogs, newsfeeds, and security conferences.
Regular people need to be just as concerned because it affects us all.
Currently, there are more than 3 billion phishing emails sent every day, and an average of 1 cyber-attack every 39 seconds, with losses projected to hit $6 trillion for 2021. With numbers like that showing that phishing is by far the more prolific threat, why is Ransomware getting all the attention?
You’ve heard the term “a means to an end.” Right now, phishing is the means, and Ransomware is the end. Okay, that’s oversimplified, but it’s that line of logic that explains why Ransomware attacks are on the rise, and why that meteoric trajectory won’t level off anytime soon.
In the early days, cybercriminals directed Ransomware attacks at wealthy individuals and corporations who could afford to pay to get information back or keep it from being leaked. An attack in 1989, for example, used a trojan virus to hide directories and encrypt the names of the files, demanding $189 to restore access. Directed attacks like this, requiring the use of infected diskettes, didn’t exactly strike fear into the hearts of early computer users.
Fast forward to 2006, and cybercriminals began to realize that Ransomware could be monetized on a far broader scale with so many people using the internet. Using better encryption, a trojan delivered by a hacked website could encrypt everything in the My Documents directory. Two years later, a similar trojan began spreading through an email attachment that used a stronger type of encryption.
Of course, these attacks were still more or less directed at businesses and people who could afford to pay. Because of this, the public remained largely unconcerned with this threat. And then came the wave…
The Ransomware Wave
Among business people, charting growth is common. It’s exhilarating to see exponential growth year over year in your business, while that same growth in criminal activity can be terrifying. So when reported attacks grew from around 60,000 in 2011 to 720,000 in 2015, cybersecurity professionals grew very concerned. But even with these ransomware variants flooding email and hacked websites, the public remained largely unconcerned.
Why? Because most people believe that Ransomware is something that happens to other people.
Starting in 2016, this Ransomware Wave grew to more than 4,000 attacks carried out daily, and in 2021, we see a new Ransomware attack every 11 seconds. In addition to being monetized, these attacks have been automated, meaning that every single person with an internet-connected device is a target.
The Cost of Ransomware
Let’s take a look at a few of the costs associated with these attacks.
- Organizations pay an average ransom of $312,493
- Individuals pay an average ransom of $1,077
- There’s an average 19-day downtime from an attack
- 92% of people who pay the ransom don’t get their data back
- 71% of people who pay the ransom get extorted multiple times
- Attackers demanded a $70 million ransom in early July 2021
- The global cost of Ransomware will exceed $20 billion in 2021
In this new reality, Ransomware is not something that happens to other people, and we’re a long way from Ransomware demands of $189. This is a money-making industry that targets everyone. And the worst part is that the vast majority of these attacks aren’t directed – they’re opportunistic.
Stolen credentials, whether from phishing schemes, social engineering, or hacked websites, provide cyber criminals with the means to make these attacks.
Everyday Impacts of Ransomware
And finally, 2021 is bringing about an unprecedented public awareness of Ransomware. Sadly, this is because attacks are closing schools, affecting transportation, threatening food supplies, and causing people to miss medical appointments and procedures. In short, Ransomware attacks are becoming unavoidably real for regular people.
The stakes have changed dramatically: the costs of Ransomware have inflated to millions of dollars, targeting is far more sophisticated, and automated technology is used to spread its influence. Attacks are interrupting critical systems and national functions, disrupting people’s lives as they evolve into national security, public safety, and public health threats.
Because of the real-world implications these attacks have on the public sector, the federal government has begun to crack down on Ransomware. Corporate America has long taken these threats seriously, but now CISA has established new guidelines for small businesses and regular people, along with in-depth investigations into attacks. Unfortunately, this is much like the war on drugs in that for every group stopped, another takes its place.
Protect Yourself from Ransomware
The reality of the situation is that people need to protect themselves from Ransomware. The vast majority of successful attacks happen because people don’t use strong passwords, refuse to change their passwords, ignore 2FA, and aren’t aware of phishing and other social engineering attacks. Ignoring basic internet security because it’s inconvenient keeps providing cybercriminals with opportunities to attack, not just us personally but also our society.
By taking an active role in protecting yourself from Ransomware, you are helping to protect businesses, schools, utilities, entertainment, and every other aspect of our society currently under attack.
I’ve always had a love of working with technology, being fortunate enough to have grown up with a grandfather who taught me how to fix things for myself and not be afraid to jump in and get my hands dirty. Over the last three decades, I’ve worked as a technician, trainer, technical writer, and manager in small business, enterprise organizations, and government. In addition, I’m an author, having published multiple works available online and in print. You can find my creative work at https://WritingDistracted.com