Growing business: 429 million personal records exposed in 2015, jumped 85%. Unreported? half a billion. RansomWare? Nightmare.
(quote)
Apr 12, 2016 - ABC News Report: Data Breaches Bigger, Worse Than You Think. In addition to 9 “mega-breaches” of personal data in 2015, tens of millions of personal records were likely exposed or stolen the same year but went unreported because the companies or entities involved chose to keep the size of the breach a secret. The report from California-based Symantec said that the number of companies that refused to report the scope of a data breach jumped by 85 percent last year, what one senior Symantec officer said was a “disturbing trend.” Some 429 million personal records were exposed in 2015 -- many of them through mega-breaches like the Office of Personnel Management hack and one that reportedly hit a huge voter database -- but that number is only based on entities that shared the scope of the breach. Symantec estimates that the real number of exposed or stolen records, including those that went unreported, likely tops half a billion. Senior Vice President at Symantec told ABC News that the research shows cyber-crime has moved on from its “start-up phase.” “As a growth business, these guys have figured out how to make money,”
Growing business has moved on from its “start-up phase.”
A “disturbing trend - a market has evolved to meet demand.”
February 18, 2016 - CBS/AP Hospital paid ransom: $17,000. The CEO of Hollywood Presbyterian Medical Center says the hospital decided to pay ransom to hackers who were holding its computer network hostage because that was the "quickest and most efficient way" to regain control of the system. The hospital paid the ransom in an amount worth about $17,000, after falling victim to what's commonly called "ransomware" - where hackers seize control of a computer system and threaten to misuse or destroy data if they're not paid. In this case, the hackers encrypted the hospital's data and demanded payment in exchange for a digital key to unlock it.
CEO Allen Stefanek issued a statement about the incident, saying: "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this." Stefanek said the infiltration at Hollywood Presbyterian was first noticed on Feb. 5, and that its system was fully functioning again by Monday, 10 days later.
NetworkWorld - So it's not much of a surprise that ransomware has grown so rapidly. Ransomware: Pay it or fight it? Experts recommend fighting, but for many the $500 ransom is a small price to pay. Last November an employee in the Sheriff's Department in Dickinson County, Tenn., accidentally clicked on a malicious ad and exposed the office network to the infamous CryptoWall ransomware. Detective Jeff McCliss told local News Channel 5 that CryptoWall had encrypted "every sort of document you could develop in an investigation," such as witness statements and evidence photos. Even after consulting with the FBI and U.S. military, McCliss told the news station that the only solution was to pay the $500 to the cybercriminals to get their files back.
This wasn't an isolated case – for example, a police department in suburban Chicago recently paid a $600 ransom after it was struck by a similar attack, according to the Chicago Tribune. Although ransomware has been around in some (less successful) forms since the late 1980s, modern ransomware is designed to be essentially impenetrable. Only the malware author holds the private decryption key, meaning the only way to fight this threat is to prepare for it ahead of time. Enterprises that aren't fully prepared for a ransomware attack really have no incentive not to pay. In fact, many of those who do think they're prepared find that they have no option other than to negotiate with their hostage takers.
Organizations that employ real-time backup and frequently test their tools typically survive a ransomware attack unscathed – they can simply wipe the infected device and restore the backed-up files. This is hardly the reality for many organizations, especially for mid-sized companies with limited to no IT resources or even larger organizations whose IT staff is spread thin. Even organizations that have prepared for this kind of scenario often find that their file restore functions don't work, says Stu Sjouwerman, CEO of security training firm KnowBe4, which has advised and assisted victims of ransomware. Many organizations that invest in a file backup solution fail to test their restore function. When they need it to work, they find that they cannot restore all the files that they backed up, rendering the backup efforts futile. "They overlook [testing the restore function] all the time," Sjouwerman says. "It is a best practice, but IT is, as you well know, under a lot of pressure. They are forced to put out fires all day long and in the meantime also put new systems online. So it's hard to find time for that type of thing in a day-to-day IT environment."
From there, the decision to pay basically comes down to whether the data that was encrypted is worth more than the ransom demanded. "Ransomware is the Walmart of cybercrime. They just have decided to automate the whole process," Sjouwerman says. "And they are massively phishing as many email addresses and companies as they possibly can. For them, they have figured out that the business model is: some people will have backups, some people won't. Of the people that don't, it has to be a no-brainer." The cybercriminals behind these attacks are concerned with maximizing the likelihood of their victims paying the ransom. Theoretically, they could increase the payout for cases where they've encrypted more valuable data. But the key is to make sure they pay up, and keeping the price within a reasonable range will increase the chances that more victims will pay.
Honor among thieves - Along these lines, many of the people behind ransomware have focused on creating a trustworthy reputation on the Internet, honoring all ransom payments and leaving victims alone once the exchange has been made. In December, Sjouwerman told CSO about a new strain of ransomware called OphionLocker that was designed to recognize the devices it had infected in the past so that it doesn't hit the same victims repeatedly. And in his experience working with ransomware victims, Sjouwerman says every victim that has paid the required ransom amount did receive their decryption key, most of them within an hour of sending the payment. The objective is to make the decision as easy as possible for ransomware victims – if they pay up, they will receive access to their files and can put the entire ordeal behind them. "If they are not prepared and they are hit, most of them will pay," Sjouwerman says.
So it's not much of a surprise that ransomware has grown so rapidly since CryptoLocker, the now-defunct ransomware strain that brought this model to the internet, was released in September 2013. Symantec estimated in September that CryptoLocker-style ransomware grew 700% in 2014. McAfee recently reported a 155% growth of ransomware in the 4th quarter of 2014. IT decision makers who just want to get their files back and get back to work. For an organization that faces losing weeks' or months' worth of data, they can write off the expense as a learning experience.
(unquote)
Image courtesy ABC, e92plus.com, thewindowsclub.com

This is an amazing article. Thank you for sharing this.
Such business reports are truly helpful to all to discover and take in more about the things managing business. There is currently a genuine risk for information. As there are numerous programmers and phreakers who constantly needed to have the secret data of an association to make business with them.
Such business reports are really useful to all to know and learn more about the things dealing with business. I really enjoyed reading this wonderful piece of writing that you people have shared with us and hope you will share more like this.
There is now a serious threat for data. As there are many hackers and phreakers who always wanted to have the confidential information of an organization to make business with them. I feel sad for the things happening around. And I have read many stories on this data breach. Every organization must follow a strict protocol for information security.
good post.
Stealing of the records is a major data breach which can ruin the entire system of the organization and make it lose everything. These conditions shouldn't arrive to any company in my personal view point. Proper information security is implemented to protect the data or records from the intruders.