I have good news and bad news about ransomware. First, the good news — here’s a cartoon I created. I hope you enjoy it, because that’s the only good news i have. Now, for the bad news . . .
The Bad News: Be Afraid, Very Afraid
Everyone seems to be afraid of ransomware these days, but is the fear justified? Is ransomware more about hype than harm? Unfortunately, a recent study of international companies conducted by Malwarebytes provides some startling statistics to back up the fears. According to the study, 40% of companies worldwide and more than 50% of the US companies surveyed experienced a ransomware incident in the last year.
The stakes are very high — 3.5% of companies surveyed even indicated that lives were also at stake which was exemplified by a recent attack in Marin, California where doctors lost access to patient records for over 10 days.
Even More Bad News
In the first half of 2016, more new ransomware variants evolved than in all of 2015. One of the latest business threats is a strain called Fantom which tricks users into clicking on what they think will be an important Windows update. There is also evidence that a massive Locky ransomware campaign against hospitals took place in August, though the details of whether the attempts were successful have yet to emerge.
The Cost of Ransomware Is More Than Money
It would seem that in addition to the ransom payments, the real cost of ransomware is lost productivity. 63% of companies surveyed by Malwarebytes lost more than one business day trying to deal with a ransomware attack. Another study found that most small businesses lost at least 2 days trying to address ransomware.
Preventing and Coping With Ransomware
The most alarming finding from the Malwarebytes survey is that 96% of US companies did not feel confident in their ability to stop future ransomware attacks.
FTC Ransomware Workshop
The Good News
So what’s the good news? I gave you a cartoon. You can thank me by paying me a tip in bitcoin . . .
Previous Related Posts
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 24-26, 2016 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.