Ransomware is Big Business. Here's Why

“Ransomware had a big year. So big, that it has cost US small businesses upwards of $75 billion dollars in downtime,” according to disaster recovery and business continuity solutions firm Datto Inc.

A recent survey conducted by Datto found that in the first six months of 2016, 60% of IT service providers reported 1-5 ransomware attacks against small and medium-sized businesses. 63% reported that the attack led to threatening levels of downtime, and 48% reported critical data loss as a result of an infection.

Ransomware is malicious software designed to block access to your computer system. The most recent variant, Cryptolocker, generated $325 million for the hackers within 100 days of launch, according to the Cyber Threat Alliance. Some experts have projected that a billion dollars will be paid in 2016 due to ransomware infections.

Five reasons why the ransomware business is booming:

1. You don’t have to be an expert to deploy it. That’s right, cyber criminals can buy the software that will infect your company’s network.

2. It goes mostly unreported. According to Datto, Inc., fewer than 1 in 4 attacks are reported to authorities, so the attackers can act for years with impunity.

3. Payouts have increased substantially, from only a few hundred dollars to tens of thousands of dollars, as was the case for Hollywood Presbyterian Hospital, which paid its ransomers $17,000 in February 2016.

4. Social engineering and spear phishing emails are designed to bypass your anti-virus, anti-malware, and firewall. Long gone are the days when you’d receive a message from a Nigerian Prince. Now cyber criminals spend time getting to know you, your employees, and your vendors, then send cleverly disguised emails. According to a study published this year by PhishMe.com, 93% of all emails are phishing emails.

5. It is nearly impossible to remove once you’ve been infected, which guarantees you’ll pay. The most popular variant, Cryptolocker, encrypts your files and data and locks you out. It creates a random symmetric key for each file; that key is then encrypted with an asymmetric public-private key encryption algorithm (RSA), using keys of over 1024 bits, and added to the encrypted file. According to Panda Security, “the [virus] makes sure that only the owner of the private RSA key can obtain the random key to encrypt the file. Also, as the computer files are overwritten, it is impossible to retrieve them using forensic methods.”


According to the CFO.com article “How to Mitigate the Threat of Ransomware,” you should control risk by incorporating some of the following practices:

  1. Train and educate personnel on an ongoing basis.
  2. Specifically address and plan for ransomware in the business’s disaster recovery and business continuity plans.
  3. Engage a third-party vendor to assess your organization’s systems and procedures.