Even before WannaCry reared its ugly head, companies and individuals worldwide had already been suffering ransomware’s dire consequences—all documented in our report, “Ransomware: Past, Present, and Future.” After just one year, we saw a staggering 752% increase in the number of ransomware families.
Several modifications to different ransomware variants were seen throughout 2016. New capabilities include updated infection routines and the ability to encrypt an increasing number of file types. To date, we haven’t seen the end of the “ransomware scare.”
Case in point: WannaCry—probably the biggest ransomware to hit users—abused a recently discovered Windows Server Message Block (SMB) vulnerability (CVE-2017-0144) to get into not just systems but entire networks. Exploiting the bug allowed cybercriminals not just to encrypt files in systems but also to scan for SMB shares and spread across networks. Because WannaCry encrypted even business-critical files (e.g., databases and archives), victims could have been left with no choice but to pay up.
Why Are WannaCry and Other Ransomware Detrimental to Businesses?
Although WannaCry asks for a smaller ransom (US$300) than other variants, it can spread via SMB shares. This means the affected company may have to pay US$300 per infected system—thickly lining the operators’ pockets while crippling the victims.
WannaCry isn’t the first to profit off businesses though. We’ve seen Cerber—the most prolific ransomware family to date—wreak havoc among victims over and over again. Its operators have even started peddling Cerber-as-a-service offerings in underground forums, earning US$200,000 for a single month last year.
Ever-changing ransomware behaviors are forcing victims to pay up just to keep their businesses running. Note though that paying up doesn’t always mean you’ll get access to your data back. When it comes to threats like ransomware, prevention is always better than cure.
Ransomware Mitigation and Prevention
We recommend organizations take some basic precautions to minimize their risk of this threat. Below are steps they can take.
With the help of the wide array of Trend Micro email and gateway, endpoint, network, and server protection suites, you can prevent ransomware infection on any system before your business suffers.
For more information on just how big the ransomware threat has become over the past few years and where we see it headed next, read our comprehensive report, “Ransomware: Past, Present, and Future.”