Security & Fraud

US Ransomware Incidents Skyrocket Because Businesses Pay

The U.S. was the number one target for ransomware last year. Its end users were also the most willing to pay.

This according to the latest volume of the Internet Security Threat Report published today by software company and security product provider Symantec.

In an interview with PYMNTS’ Karen Webster, Kevin Haley, director of Symantec Security Response, spoke to the many ways in which 2016 was a landmark year in cybercrime, where threat vectors point in the future and what’s being done to try and stop it.

To start, ransomware threats escalated globally through 2016 in size, number and kind. Symantec identified over 100 new malware families released into the wild last year. Likewise, they registered a 36 percent increase in ransomware attacks globally in the same period.

The United States bore the brunt of this rise, Haley said, in a number of ways.

First, the average amount asked for in ransomware attacks saw a 266 percent rise year over year. In 2016, cybercriminals demanded an average of $1,077 per victim, compared to $294 in the previous year.

The rise makes sense, said Haley, given how end users in the U.S. — the nation most targeted for ransomware attacks — tend to respond to this form of cyberattacks.

Looking at ransomware data from end users in 24 different countries, Symantec found the rate of people paying out on ransomware was 34 percent globally. In the U.S., that rate was 64 percent.

“It’s the country with the most connected computers in the world — give or take China — with a high standard of living and capability of paying are also most willing to pay,” Haley said. “It’s no surprise, then, that the written amount of ransomware has gone up and that the U.S. is the number one target.”

And so far, there’s no price ceiling. For the foreseeable future, cybercriminals could continue to raise their price target — just so long as they continue to get paid.

“Next year we may be talking of a rate that’s even higher than that,” Haley said.

But it wasn’t just a landmark year for cybercrime in the general public on PCs. Symantec saw new levels of cybercriminal ambition in 2016 — record identities exposed in data breaches, digital bank heists, DDoS attacks powered by IoT devices and, perhaps most notably, a rise in attacks on government entities and nation-states.

Cyberattacks on nation-states saw a major evolution last year, Symantec found, as the perceived success of campaigns has led to a spike in interest of a traditionally rare form.

“We used to think that cyberattacks on nation-states were just about stealing secrets,” Haley said. “But it’s moved into doing more. They now understand that they can expose our secrets, can embarrass us, influence and even sabotage events.”

Further, Haley said, cybercriminals don’t seem to care that attacks can be traced back to them, since their views are that digital crimes are different than crimes in the physical world — and, most often, consequence-free as a result.

Law enforcement does not have the bandwidth to investigate or prosecute for these crimes unless they reach a large financial threshold. Cyber crooks know this and use that to their full advantage.

As for what’s next, Haley said that cybercriminals will continue to leverage whatever works to disrupt or score cash. Or both. They’ll use any means — including “tried and true” tools like email and word documents, for example — since they continue to be effective.

“Computers are getting harder to fool,” Haley said. “And, that’s driving the attackers to fool humans — and, unfortunately, the ability to fool humans hasn’t really changed that much.”

Though as the pace of technological advancement accelerates, cybercriminals will have a growing number of devices to leverage for nefarious purposes. Especially if it’s profitable.

Which makes the next frontier, Haley said, the internet of things — the myriad of devices that will connect to the internet and open the doors to a treasure trove of data once they get inside. Haley said that when Symantec does a little “honeypotting” and connects unsecured IoT devices to a network, they find that it takes attackers less than two minutes to “jump on the opportunity.”

At the start of 2016, the number of unique attackers that went after the unsecured devices was five per hour. At the end of the year, they found that had almost doubled.

Of course, we all remember the havoc that was wreaked when cyber crooks perpetrated a high-profile DDoS attack on Dyn last year and seconded baby monitors and DVRs to bring large swaths of the internet down for a day — more or less for the sport of it.

But these unsecured IoT devices are also leveraged for bitcoin mining and sending spam. As more devices become connected, Haley said that it’s easy to imagine a future in which ransomware tactics are leveraged by cybercriminals to unfreeze a smart car, television or even a refrigerator.

What keeps that from happening now is twofold, Haley said. First, there’s still a ton of money to be made in PCs — given the fallibility of human beings. Secondly, cybercriminals haven’t figured out a sure way to monetize hacking into baby monitors.

“It’s a practical matter,” Haley said. “How do you put up your ransom note and how do you get people to pay it?”

On mobile, attackers have already run into ransomware problems. They freeze phones to lock access and demand ransom — but then users don’t have a way to pay the ransom without accessing another device.

“That will be the difficulty for these guys,” Haley said. “Imagine someone trying to write down a TOR address off of their smart television set and walking over to their computer to enter it there. It’s just not going to work.”

Once cybercriminals get past these barriers — and they surely are trying to figure out how — then the world is likely to see people paying ransom to start their smart cars or open their front doors equipped with digital locks.

When presented with that brave, but scary new world, Haley said that there are best practices that end users can take to prevent these issues from arising in the first place.

First, he said, make sure that all connected devices have strong passwords and always use two-factor authentication. Haley noted that if the DNC had used two-factor authentication, the email phishing attack wouldn’t have been so disastrous.

Secondly, users need to be more aware of all of the directions from which cybercriminals can strike.

“We need to be suspicious of Word files — they were very prominently used in 2016 and so far this year,” Haley said. “If you’re getting a word file and someone is asking you to turn on macros — don’t do it.”

Lastly, Haley said that even with good security, ransomware can still happen. But if users have already backed up their files, they won’t need to pay in the first place.



The PYMNTS Cross-Border Merchant Friction Index analyzes the key friction points experienced by consumers browsing, shopping and paying for purchases on international eCommerce sites. PYMNTS examined the checkout processes of 266 B2B and B2C eCommerce sites across 12 industries and operating from locations across Europe and the United States to provide a comprehensive overview of their checkout offerings.

Click to comment