Ransomware moved from nuisance to epidemic in 2016: IMB study
The year 2016 saw a 400% increase in spam year over year with roughly 44% of spam emails containing malicious attachments. Ransomware made up 85% of those malicious attachments in 2016, according to an IMB study titled: 2017 IBM X-Force Threat Intelligence Index.
Ransomware is a malware spread through infected email attachments or programs that encrypts data and demands payment for a decryption key. Ransomware is technically inferior to other malware; operating ransomware demands much less knowledge and skill, which has attracted lower-level criminals to it in the past decade.
“Cybercriminals continued to innovate in 2016 as we saw techniques like ransomware move from a nuisance to an epidemic,” said Caleb Barlow, Vice President of Threat Intelligence, IBM Security.
“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment. The value of structured data to cybercriminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”The study comprises of observations from more than 8,000 monitored security clients in 100 countries and data derived from non-customer assets such as spam sensors and honeynets in 2016. IBM X-Force runs network traps around the world and monitors more than eight million spam and phishing attacks daily while analyzing more than 37 billion web pages and images. IBM Security found 70 percent of businesses impacted by ransomware paid over $10,000 to regain access to business data and systems. In February, last year, a California hospital paid a ransom of 40 Bitcoins (approximately USD17,000 at the time) to unlock encrypted files. In the first three months of 2016, the FBI estimated cybercriminals were paid a reported $209 million via ransomware. This would put criminals on pace to make nearly $1 billion from their use of the malware just last year.
Records compromised grew a historic 566% in 2016
In all, which includes other data breaches including ransomware, the IMB study finds that records compromised in 2016, grew a historic 566 percent from 600 million in 2015 to more than 4 billion. These leaked records include data cybercriminals have traditionally targeted like credit cards, passwords and personal health information, but IBM X-Force also noted a shift in cybercriminal strategies. In 2016, a number of significant breaches related to unstructured data such as email archives, business documents, intellectual property and source code were also compromised.Shift from healthcare back to financial services
Information & communication services companies and government experienced the highest number of incidents and records breached in 2016.- Information and Communications (3.4 billion records leaked and 85 breaches/incidents)
- Government (398 million records leaked and 39 breaches/incidents)