Is The Boom In Ransomware Stabilizing?

Ransomware has been through a meteoric rise over the past 12 months. Going from a barely known form of malware to one of the most commonly deployed threats around, the criminal world appears to be fully incorporating ransomware into its business model.

That’s according to Palo Alto Networks, who’ve released a new report studying this form of attack. Considering 2016 has seen several institutions including hospitals being held hostage by ransomware, as well as through DDoS ransom demands, it’s evident that the revenue generated from online crime is becoming less dependent on consistently compromising more databases and user accounts to then sell on. 

The money is coming from the victims themselves, who are consensually handing money over to criminals in order to access their photos, movies and other files that attackers have encrypted and threatened to permanently delete.

How do they know? Well as with all economies, prices give us the best indication of what’s selling and what’s in demand. For example, the price of pagers plummeted when mobile phones hit the market, new ideas and products entering a market can lead to old products/sources of revenue going down the ladder or fading into non-existence. 

What Palo Alto has observed is the average price for stolen records online is now falling rapidly, having reached a new low of $6 per record, compare to a previous average price of $25. This shows people are assigning a much lower value to them, meaning the online criminals who buy them are sourcing revenue from other means. We can tell this new revenue is often being drawn from ransomware attacks as we’ve seen such a dramatic increase in instances of these attacks, with many victims coughing up. Returns on these attacks are often as high as several hundred dollars or above.

By the way, you definitely shouldn’t pay up.

Anyway, the reason security experts are starting to get extra anxious is because of the proliferation of smart devices. Yes, as usual, the Internet of Things means this situation of incessant ransom attacks may go from bad to worse. 

This is because so many of the company’s manufacturing these devices don’t bother adding serious security measures to their products. Whether to keep costs down or simply because developers don’t see it as a priority is a discussion for another time, but the key takeaway is that several devices will be open to being held to ransom, causing headaches the world over for web users and security teams.

IT Secrity Guru

« Germany's Intelligence Chief Accuses Russia of Cyber Warfare
Is Edward Snowden Really A Russian Agent? »

Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Free Access: Cyber Security Supplier Directory listing 5,000+ specialist service providers.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

DoWebScan

DoWebScan

DoWebScan is an all in one website suite on the internet for all website security related issues.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Ultra Electronics

Ultra Electronics

Ultra specialises in providing application-engineered bespoke solutions. We focus on mission critical and intelligent systems in the defence, security, critical detection & control markets.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.