The Billion Dollar Headache: Sophisticated Ransomware takes aim at Small Business

In-brief: In the latest Security Ledger podcast, Editor in Chief Paul Roberts speaks with Lior Div of the firm Cybereason and Brian NeSmith of the firm Arctic Wolf about the growing sophistication of ransomware attacks and platforms and how scammers are targeting small businesses and non-profits.

Ransomware was in the news again this week. Greenway Health, an electronic health records and practice management vendor based in Tampa, Florida, revealed that it had been the victim of a criminal cyber attack that froze customer access to patient data. At the same time, the firm Recorded Future published a report on a new family of ransomware dubbed “Fatboy” that dynamically adjusts the ransom according to the geographic location of the victim. Residents of wealthier countries are asked to pay more.




The 22nd most common form of malware in 2014, ransomware was the fifth most common in 2016, according to Verizon’s most recent Data Breach Investigation Report. Symantec reported ransomware demands spiked 266 percent, with no limit in sight: The average ransom per victim grew from $294 in 2015 to $1,077 in 2016 and Symantec hasn’t seen a price ceiling. And Americans are most likely to pay ransom demands: 64 percent of Americans are willing to pay digital ransom demands, which is the highest of any country in the world.

What’s going on? For this week’s podcast, we sat down with two experts to talk about what’s driving the rise in popularity of ransomware and how it is impacting not just consumers, but businesses. Brian NeSmith is the CEO of Arctic Wolf, a firm that sells hosted security services to small and mid-sized businesses. His company works up close with companies affected by ransomware scams. We also talked with Lior Div, who is the founder and CEO of the firm Cybereason, which has released a free tool, Ransomfree, that has been downloaded more than 200,000 times. Cybereason is also working with non-profits and other small businesses at the local level to help

To understand the popularity and spread of malware, you need to understand how revolutionary the latest generations of ransomware are: they couple strong encryption of victim data with anonymous payments via Bitcoin or other cryptocurrencies.

“Ransomware has become a business model for hackers or criminals in a way that is phenomenal,” said Div. “This is something they know how to monetize and make a lot of money.”

That marks an important change from earlier generations of malware, which relied on stealing data and then finding buyers for it in the cyber underground. The ability to lock down data and then securely, anonymously sell it back to its owner has spawned a billion dollar cyber criminal business.

NeSmith said that his company has witnessed ransomware attacks becoming more targeted and less indiscriminate, often zeroing in on high value employees and systems with the goal of locking down victim organizations.

And, with business booming, ransomware vendors are now embracing many of the same strategies and features of legitimate software vendors to provide services to both their customers and their victims, from hosted “ransomware as a service” operations to 24/7 “customer” support to help victims transact and get their data back.

Check out our full conversation in our latest Security Ledger podcast below or at Soundcloud. You can also listen to it on iTunes. As always, if you like our intro music, give some love to the group JoeLess Shoe, who recorded “Baxton,” the song we use in just about every podcast.
