Financial institutions, healthcare, and the public sector were hit hardest
It’s obvious from the number of reported incidents that ransomware attacks are on the rise, but the speed at which they’re increasing is shocking. According to Verizon’s 2017 Data Breach Incident Report (DBIR), instances have jumped by 50 percent during the last year.
Financial institutions, healthcare, and the public sector are the three industries most often targeted by the file-encrypting malware, based on data from 65 organizations, 42,068 incidents, and 1,935 breaches in 84 countries.
Hollywood Presbyterian Medical Center paid $17,000 to hackers last year after ransomware locked down parts of its system. Later in 2016, hospital chain MedStar shut down its network systems after suffering a similar attack.
In 2014, ransomware was the 22nd most common type of malware. Today it is the fifth most common. We’ve even seen it in CCTV cameras in Washington, and San Francisco’s public transport system
In another part of the DBIR report, it’s noted that 73 percent of all attacks were financially motivated. Not surprisingly, 81 percent of hacking-related breaches used either stolen or weak passwords, while 66 percent of malware installations came via malicious email attachments.
Small and medium-sized business are becoming an increasingly popular target for hackers. 61 percent of breaches targeted companies with fewer than 1000 employees, compared to 53 percent a year earlier.
Despite the risks, the report states that organizations aren’t doing enough to protect themselves and are still getting the basics wrong. In the case of ransomware, many seem more willing to pay the money instead of investing in better security.
“[..] each year we see the same attack techniques working,” said Dave Hylender, senior risk analyst at Verizon. “The information security community has to get better at addressing the root causes, because otherwise the threats are just never going to go away.”