We can’t go a week without commenting on how rampant ransomware is in the industry. The FBI recently released a report confirming how devastating ransomware has become for U.S. businesses.
According to the report, ransomware infections caused more than $1.6 million in losses in 2015. The FBI Internet Crime Complaint Center IC3 received 2,453 complaints of ransomware in 2015. In total, IC3 received 288,012 complaints from individuals and companies, with a reported total loss from hackings of $1.07 billion. Yes, that is with a “b.” Ransomware alone resulted in adjusted losses of $1,620,814.
These figures represent only losses that are reported to the FBI, so these figures do not reflect the total picture, as many companies continue to keep such information private and not notify law enforcement when they become a victim of an intrusion. Other sources estimate that losses associated with ransomware is closer to $24 million.
Whatever the true number, ransomware is not going away, and as long as companies continue to pay the cybercriminals to get their data back, the problem will continue. The FBI does not recommend payment to the criminals. Having a robust back up system and testing it is an important part of the strategy to be prepared for a ransomware attack.
Of course, the number one cause of data loss, according to the FBI report, continues to be social engineering and email compromises. The reported losses associated with business email compromises in 2015 was $246,226,016.
More recently, PhishMe has stated that as of the end of March, 2016, 93% of all phishing emails contained encryption ransomware. This figure is up from 56% in December, 2015. Even more surprising is that according to PhishMe, the number of phishing emails in the first quarter of 2016 exceeded 6.3 million, which represents a 789% increase over the last quarter in 2015.
Folks—phishing is not going away. Phishing scams are increasingly including ransomware, and paying the ransom will only give the hackers incentive to keep phishing away.