Over the course of 2016, ransomware operators trailed their sights on bigger targetsâcompanies and organizations, both large and smallâand raked in US$1 billion for their efforts.
Even before WannaCry reared its ugly head, companies and individuals worldwide have already been suffering the threatâs dire consequencesâall documented in our report, âRansomware: Past, Present, and Future.â After just one year, we saw a staggering 752% increase in the number of ransomware families.
Regional distribution of ransomware threats from January 2016 to March 2017
Several modifications to different ransomware variants were seen throughout 2016. New capabilities include updated infection routines and the ability to encrypt an increasing number of file types. To date, we havenât seen the end of the âransomware scare.â
Case in point: WannaCryâprobably the biggest ransomware to hit usersâabused a recently discovered Windows Server Message Block (SMB) vulnerability (CVE-2017-0144) to get into not just systems but entire networks. Exploiting the bug allowed cybercriminals not just to encrypt files in systems but also scan for SMB shares to spread in networks. Because WannaCry encrypted even business-critical files (e.g., databases and archives), victims could have been left with no choice but to pay up.
Why Is WannaCry and Other Ransomware Detrimental to Businesses?
Despite the fact that WannaCry asks for a smaller ransom (US$300) compared with other variants, it can spread via SMB shares. This means the affected company may have to pay US$300 per infected systemâthickly lining the operatorsâ pockets while crippling the victims.
WannaCry isnât the first to profit off businesses though. Weâve seen Cerberâthe most prolific ransomware family to dateâwreak havoc among victims over and over again. Its operators have even started peddling Cerber-as-a-service offerings in underground forums, earning US$200,000 for a single month last year.
Ever-changing ransomware behaviors are forcing victims to pay up just to keep their businesses running. Note though that paying up doesnât always mean youâll get access to your data back. When it comes to threats like ransomware, prevention is always better than cure.
Ransomware Mitigation and Prevention
We recommend organizations take some basic precautions to minimize their risk of this threat. Below are steps they can take.
Prevent ransomware infection on any system before your business suffers with the help of the wide array of Trend Micro email and gateway, endpoint, network, and server protection suites.
For more information on just how big the ransomware threat has become over the past few years and where we see it headed next, read our comprehensive report, âRansomware: Past, Present, and Future.â
