The past year saw a 2,502 percent increase in sales of ransomware on the dark Web, from just under $250,000 to more than $6.2 million, according to a recent Carbon Black report.
“This increase is largely due to a simple economic principle — supply and demand,” the report states. “Cyber criminals are increasingly seeing opportunities to enter the market and looking to make a quick buck via one of the many ransomware offerings available via illicit economies.”
There are now more than 6,300 dark Web marketplaces selling ransomware, with 45,000 product listings priced from $0.50 to $3,000, and a median price of $10.50.
“Based on our research, ransomware can no longer be perceived as petty criminals performing stick-ups and kidnappings,” Carbon Black security strategist Rick McElroy said in a statement. “Instead, ransomware has become a rapidly growing, cloud-based black market economy focused on destruction and profit.”
“Today, legitimate enterprises avoid heavy investments in infrastructure — and hackers are no different,” McElroy added. “In fact, with ransomware, hackers have set a model for a cloud-based, high-profit and effective turnkey service economy.”
A Growing Threat
A recent Crowd Research Partners survey of 516 cyber security professionals, commissioned by Cybersecurity Insiders, found that while 80 percent of respondents view ransomware as a moderate or extreme threat, only a small fraction say they would pay the ransom or negotiate with attackers.
The most common ransomware infection vectors, the survey found, are employees opening malicious email attachments (73 percent), responding to a phishing email (54 percent), or visiting a compromised website (28 percent).
The most effective way of blocking ransomware, respondents said, is user awareness (77 percent), followed by endpoint security solutions (73 percent) and patching operating systems (72 percent).
Fifty-one percent of respondents are only slightly to moderately confident of their organization’s ransomware defenses, and 39 percent say it would take as long as a few weeks to recover from an attack.
“In many respects, ransomware is a game changer,” Cybersecurity Insiders founder and CEO Holger Schulze said in a statement. “It is incredibly easy and inexpensive for cyber criminals to execute highly profitable attacks on a global scale.”
A separate Magnet Networks survey of 205 companies in Ireland found that fully 48 percent of respondents have no cyber security policy in place. Another 27 percent said either that they’re completely unsecure or that their security needs tightening.
“We found that only 13 percent of respondents think that their business is very secure — and in the absolute world of cyber attacks you are either totally secure or you are vulnerable in some way,” Magnet Networks cyber security expert James Canty said in a statement.
In 72 percent of companies with under 10 employees, network security is handled by the business owner, by the office manager or, in 9 percent of cases, by no one at all.
That means that as many as 171,000 Irish businesses, Canty said, “have no one qualified looking after their network security and may not be protected against a ransomware and cybercrime industry which is growing at a rapid rate.”