Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


08:00 AM
Connect Directly

Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic

Half of all surveyed organizations have been hit with ransomware campaigns in the last year, many more than once

Some 50% of organizations have been hit with a ransomware infection in the last year, and of those, 85% have suffered from three or more attacks, according to a user survey conducted by security vendor SentinelOne.

As a result, 70% of respondents report an increase IT security spending, and 65% have changed their security strategies to focus on mitigation. More than half — 52% —  say they've lost faith in their antivirus protection.

"It’s not surprising to see high levels of apathy towards traditional antivirus software, and we don't expect the ransomware epidemic to slow down anytime soon," says Jeremiah Grossman, chief of security strategy for SentinelOne, in a statement. "The situation is likely to get far worse, as some of the ill-gotten gains will be invested into research and development designed to improve encryption strength and utilize new delivery methods, as witnessed with Locky.”

Tis the season for vendors' ransomware surveys. PhishMe reports this week that developers of Locky ransomware have shown "creativity, agility, and adaptability" in their repeated improvements to the malware, frustrating the efforts of analysts, researchers and infosec professionals to prevent or mitigate attacks. And Cato Networks says that 73% of CIOs view defending against ransomware and other emerging threats as their top priority for 2017.

While few security pros would deny that ransomware is a growing problem, the trio of vendor reports begins to put the scope and scale of this malware epidemic into sharper contrast.

"Infosec professionals need to understand that ransomware leverages the current malware infrastructure, it's extremely easy to create, and it scales very well. It's also very lucrative for the bad guys," Grossman tells Dark Reading in a phone interview. Left unaddressed, the proliferation of ransomware threatens to mirror that of spam. "We have an opportunity now, but if we wait too long, ransomware's going to be everywhere," he adds.

Grossman also distinguishes between two kinds of ransomware attacks: indiscriminate and targeted. With indiscriminate campaigns, the bad guys know nothing about the content or value of the data they're encrypting. In a targeted attack, bad actors will go after a healthcare organization, for example, because it's literally life and death and widely assumed that they'll pay. "A couple weeks ago, a company was targeted and four hospitals had to reschedule patient operations while they dealt with ransomware infection," Grossman explains.

SentinelOne surveyed 500 "cybersecurity decision makers" at organizations with more than 1,000 employees in October 2016, including 200 people in the US, and 100 each in the UK, France, and Germany.

What can organizations do to protect themselves against this kind of extortion? One obvious preventive measure is performing regular data backups, so if an organization's servers or desktops get hit with a ransomware attack, they'll have unencrypted copies in reserve that allow them to carry on with business as usual. "One thing ransomware has done is inadvertently exposed the lack of backup data" on the part of end-users, Grossman explains.

It really comes down to patching, especially since browsers are getting hit with drive-bys; another protection is to monitor inbound attachments on email and to disable macros. "Should malware get into the system and start to execute, there's technology available that detects bad apps at runtime," Grossman recommends.

SentinelOne's survey highlighted other issues for companies hit with ransomware:

  • Company data most often affected by ransomware campaigns was financial data (52%), employee information (46%) and customer information (37%);
  • 68% of respondents agreed that traditional security techniques can't protect organizations from the next generation of malware;
  • Most companies still assume responsibility for data breaches and ransomware attacks; only 42% say they would demand answers from their IT security vendors.

Related stories:


Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 3
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
11/25/2016 | 5:30:41 PM
Re: Ransomware defense strategy
Good points.  This is why I preferred the days of MS-DOS.  After I was compelled to upgrade, my understanding of my computer and its processes severely diminished.
User Rank: Strategist
11/22/2016 | 7:50:27 AM
Re: keydown
Thanks for your post, BPID... we hear this same refrain with each new threat type that emerges: Vendors can fix this in software without involving the user. And yet here we are again!
User Rank: Ninja
11/22/2016 | 5:21:28 AM
Re: 192.168.l.l
It is the right words, I fully agree with you
User Rank: Apprentice
11/21/2016 | 4:20:42 PM
Re: Iamazing
Excellent article plus its information 
User Rank: Apprentice
11/21/2016 | 4:17:38 PM
Re: amazing
Excellent article plus its information and I positively bookmark to this site because here I always get an amazing knowledge as I expect.
T Sweeney
T Sweeney,
User Rank: Moderator
11/21/2016 | 10:45:49 AM
Re: Ransomware defense strategy
Thanks for your post, BPID... we hear this same refrain with each new threat type that emerges: Vendors can fix this in software without involving the user. And yet here we are again!

I'd welcome better insight as to what happens on the vendor or developer side. Is ransomware prevention just one more thing in the OS security equivalent of whack-a-mole? Do vendors only see costs that they won't recoup?
BPID Security
BPID Security,
User Rank: Strategist
11/21/2016 | 10:10:36 AM
Ransomware defense strategy
The concept of ransomeware is insidious, not just that it encrypts but that it can be forwarded via email to all your email recipients.

That being stipulated, it should be rather easy to have the OS, or any OS, monitor activities for encryption and notify users of questionably nefarious activities.

Online game makers have long ago created CPU process monitors to prevent realtime game 'cheating'.

The function is simple to understand, monitor for encryption code running in the cpu rather than the contents of an executale. Then stop it unless the user permits. Otherwise send it to AV for cleanup. Building it is a bit more complex as was the one my firm built for a client. Really the CPU resources and disk activity of full disk encryption is really easy to detect.

Ransomware exists because we make computers with an interface non technical people can use, It wouldn't live very long in a command line OS. Holding users responsible for their failures just adds more stuff people will ignore. It is the responsibility of the service, software or vendor to protect the user.

As an analogy: If you rent a hotel room for a night, go to dinner and your door doesn't lock, and someone comes in and spray paints the room and your possessions, who is ultmately responsible for the loss? You as temporary rentor of the service, or the security of the hotel?

We need legislation to clearly identify responsibility and the limits of that responsibility.

Still, it is a problem that technology created, one that is beyond the technical expertise of most users, and one that is solvable through intelligent technology.
<<   <   Page 3 / 3
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.