Ransomware was quite notable in 2021. Several high-profile ransomware cases became newsworthy with some disconcerting developments. According to the FBI, there were more ransomware attacks in the first half of 2021 than all of 2020. Not only were the number of attacks up, but the average cost of ransom was up. We reported to you last year that the average ransom payment was static in 2020 somewhat unexpectedly. This was not the case in 2021 as we saw record ransom requests and record ransom payments in 2021. One US business reportedly paid over $50,000,000 in a single ransomware incident. Considering the original ransomware strains were asking for $300, this is quite a development.
Hackers have discovered the same thing businesses have discovered. Data is valuable. The dramatic rise in ransom payments is purely a supply and demand. The hackers keep raising the price and the victims continue to pay. (Reminds me of ticket prices at Disney World! Disney raises the price but the tourist keep coming.) The ceiling has not yet been found as experts are predicting a continued increase in ransom payment requests.
Statistics show that remediation from the ransomware infections also increased dramatically in 2021. According to a SpyCloud study, the average cost of remediation (excluding the ransom payment itself) more than doubled in 2021 to $1,850,000 per incident, up from $761,000. Why is this? The answer is large part due to the increased complexity of newer strains of virus. One consequence of the success of ransomware and businesses paying the ransom is that the hackers have tremendous resources at their disposal to hone their craft. When you have in influx of $50,000,000 to your operation, such was the case in the ransomware incident described above, you can put some of that money into research and development. The consequence is more sophisticated and harder to detect and combat viruses.
Some additional developments include hackers utilizing double encryption. Imagine the frustration of spending days or weeks working with professionals to try and decrypt your data, only to be successful and discover the decrypted files are simply encrypted again with a secondary encryption method. This is designed to discourage efforts to self-recover and encourage ransom payments. Hackers are also now threatening to expose company data on the dark web if ransom is not paid. Even if a business is able to use backups to recover their data, hackers are still demanding payment to prevent them from airing the company’s dirty laundry on the dark web. (Remember the Sony attack where hackers disclosed some embarrassing emails).
A final development is that it may be a crime to pay ransom for your files. If it is determined that the ransom ended up going to blacklisted organizations, the US government reserves the right to prosecute the paying company. This is a not-so-veiled policy to discourage paying hackers large sums of money which can be used for future attacks.
Ransomware continues to be a threat to businesses, and especially US-based small to mid-sized businesses. Are you confident in your defenses? Are your defenses keeping up with the new strains? Contact us today at (888) 600-4560 or via email at firstname.lastname@example.org and let our experts help.