January 31, 2017
Ransomware attacks quadrupled in 2016 and will double again in 2017, according to a report issued on Monday by Beazley, a provider of data breach response insurance.
The "Beazley Breach Insights - January 2017," found that enterprises are most at risk after being hit with an IT system freeze, at the end of financial quarters and during hectic shopping periods.
Further, the increasing sophistication of the attacks, including continually evolving variants, enable the coders behind the incursions to survey network systems to choose the most critical assets to lock down and to increase their ransom demands based on the value of files they encrypt.
Based on analysis of nearly two thousand data breaches that Beazley's Breach Response division managed on behalf of clients in 2016, the study determined that there were four times as many ransomware attacks in 2016 compared to the previous year.
"The ease and effectiveness of these attacks portend an even larger increase in 2017 with Beazley projecting these attacks to double again in 2017," the study found.
As the number of attackers is only increasing, the company said the unintended disclosure of personal information – usually via emails or faxes sent to the wrong recipient – is "much more dangerous." Incidents of this type increased by nearly a third of all breaches in 2016, up from 24 percent in 2015, the study revealed.
The study also found that hacks and malware accounted for 40 percent of data breaches at financial institutions in 2016, up from 27 percent in 2015. Here too the incidence of unintended disclosure, primarily owing to misdirected emails, rose, rising from last year's tally by four percent – to 28 percent of breaches in 2016 from 24 percent in 2015.
In the education sector, the incidence of data breaches owing to hacks and malware jumped 10 percent – from 35 percent to 45 percent – with unintended disclosures caused 28 percent of breaches in 2016, up from 22 percent in 2015.
At the same time, mix-ups in the health care sector drove breach exposures, with misdirected faxes and emails or the improper release of discharge papers accounting for 40 percent of breaches in 2016, up from 30 percent in 2015.
"The threat from ransomware is not only growing, but evolving to allow hackers to target vulnerable organizations and their most valuable data files and adjust ransom demands accordingly," Katherine Keefe, global head of BBR Services, said in a statement. "The sustained increase in these threats in 2016 indicates that even more organizations will be attacked in 2017 and need to have incident response plans in place before they get a ransomware demand."