The Federal Trade Commission (FTC) now ranks ransomware as “among the most troubling cyber threats” due to the strong increase in recent months. Not only are ransomware attacks increasing in number, they are becoming increasingly difficult to defend against, as a tiny vulnerability can lead to an entire network being encrypted and held hostage. At a recent forum to discuss the spread of ransomware, FTC Chair Edith Ramirez noted that the Department of Justice found there is an average of 4,000 incidents of ransomware a day, a 300 percent increase from the past year. She also warned businesses to increase their cyber defenses and educate employees to be on the lookout for phishing attempts – 93 percent of all phishing emails are believed to have some component of ransomware encryption. To help drive awareness, the FTC has “brought dozens of enforcement actions against companies for failing to adopt what it considers reasonable security protections,” according to a recent article.
Craig Williams, global outreach manager at Cisco Talos, explains ransomware has evolved into an extremely profitable business. “Over the last five or 10 years we’ve moved from a period where an attacker was making a couple of dollars per user to where now they’re making a couple hundred per user, and tens of thousands per compromised business,” Williams says. “It’s really put things on an economic scale that we’ve just simply never seen before.” Earlier this year, Hollywood Presbyterian Medical Center was hit with an attack and was forced to pay $17,000 in bitcoin to have their files decrypted. The likelihood that an organization pay the ransom, particularly those in the healthcare sector, set a precedent and as several other hospitals were attacked in following months. The FTC is determined to not only raise awareness, but to find new and effective strategies to combat ransomware.