Ransomware. It’s one of the biggest buzzwords in cybersecurity, and there’s good reason for it.
In 2015, ransomware attacks caused $325 million in damage. By the end of 2017, the damage is expected to surpass $5 billion. A recent report says that in 2021 ransomware will cause $6 trillion worth of damages, which will make cybercrimes more profitable than the global trade of all major illegal drugs combined.
With the damages increasing at an annual rate of 350%, spending on cybersecurity to protect against ransomware is also increasing. Over the next four years, it is predicted that $1 trillion will be spent to protect companies from possible attacks.
2017 proved quite the year for security breaches, with 1.9 billion data records either stolen or lost in 918 cyber-attacks. The most common attacks used some form of ransomware to restrict access to files. Ransomware wasn’t the only form of cyber-attack, however. Other attacks exploited both security vulnerabilities and human oversight. As the year ends, here’s a look at some of the most prolific attacks of 2017:
Between mid-May and July, a security breach affecting 145.5 million people took place due to an Apache Struts vulnerability. Equifax discovered the breach on July 29th but waited an additional six weeks to notify customers. Roughly 44% of the country’s population may have had personally identifiable information (PII) compromised. This information included Social Security Numbers, addresses, birth dates, and credit card numbers. Hackers can then use this information to steal an identity.
WannaCry was a global ransomware that affected hundreds of thousands of computers in over 150 countries. This ransomware spread itself to users’ computers without users even having to click a link. Once cybercriminals encrypted the hard drive, they demanded Bitcoin to unlock the files. This malware worked because users were running an unpatched Microsoft operating system, which led to a high risk of infection.
Hackers activated “NotPetya”, built from the NSA’s own library of hacking tools, at the end of June. This infected at least 2,000 organizations across the globe. NotPetya encrypted all files in an infected system and caused irreparable damage to hard drives. Most importantly, this attack could spread without human interaction. Similar to WannaCry, hackers relied on the assumption that users’ devices were not properly updated.
In February, a security bug was discovered in reverse proxies from Security-as-a-Service (SaaS) provider Cloudflare. Cybercriminals discovered a glitch that allowed the company’s servers to return extra data in response to website requests. This allowed for the leak of sensitive information including passwords, authentication tokens, and more. Information was collected from Uber and Fitbit users from September 2016 to February 2017.
The popular television network was hacked in late July. The network had roughly 1.5 terabytes of information stolen. This information included scripts and episodes from the fan favorite show Game of Thrones. Initially, criminals demanded money for the data but the stolen information was eventually posted online.
Past Attacks Come to Light
2017 wasn’t only a year for major breaches. Revelations from both Uber and Yahoo came to light about previously undisclosed attacks. Uber had 57 million users’ information compromised during 2016 and paid $100,000 in a coverup attempt. Yahoo also admitted that all 3 billion of their user accounts were compromised in 2013.
Cyberattacks are constantly evolving, which puts everyone at risk. Firms both small and large are susceptible to an attack. Firms are especially vulnerable due to the confidential information they protect. Make sure you are routinely updating cybersecurity protocols as the year ends. Educate firm users about ransomware so they can be part of the solution. A firm can never protect itself too much. As always, if you ever have questions or want additional information/materials, contact us at [email protected].