According to the Institute for Critical Infrastructure Technology, ransomware attacks on healthcare and other organizations “will wreak havoc on America’s critical infrastructure community”. The latest report by the Institute also claims that nowadays the malware is so prevalent that it’s currently creating an economy of its own.
“New attacks will become common while unattended vulnerabilities that were silently exploited in 2015 will enable invisible adversaries to capitalize upon positions that they have previously laid claim,” the report published by the Institute for Critical Infrastructure Technology stated.
When it comes to the ransomware economy, the cyber criminals are using pricing calculations in order to target victims based on the most efficient ways to rake in money. Besides, hackers understand and engineer the pressures to put on the victims.
According to the above-mentioned report, ransomware hackers are discovering the right price to charge for targeted industries and individuals, citing a research which lists the average ransom paid by businesses at about $10,000.
“Healthcare organizations were not a primary target for ransomware attacks prior to 2016,” the report says. “But, the success of the Hollywood Presbyterian attack and the media coverage will ensure that attackers focus on the healthcare sector in the future.”
To be precise, according to a report published in November, 2015, ransomware is responsible for 406,887 attempted infections and accounts for a total of approximately $325 million in damages. Meanwhile, the market for malware keeps growing, in large part because of the low cost and ease in perfecting it.
Regarding the case of the major ransomware variant Crypotwall, CTU researchers estimated that in 2014, about 1.1% of the Cryptowall ransomware victims paid the ransom (at an average of $500), which might not look like a lot but the FBI said that 992 complaints Crytpowall netted more than $18 million between 2014 and 2015.
“The lesson is that ransomware, while less sophisticated than APT (advanced persistent threat) groups and other cyber criminals, is still significantly profitable, even when only a miniscule number of user fall for its scheme. ”And who knows how many infections were not reported?” ICIT experts wrote.