Ransomware Is About to Become a $1 Billion Industry

There’s a reason companies fear large-scale breaches: In mere hours, these types of hacks can push a business to the financial brink. But recent studies point out that enterprises may be acknowledging only half the problem. As smaller, nuisance-based hacks grow more profitable, ransomware attacks are graduating from a “civilian” problem to an enterprise-level one. In other words, thieves finally figured out that there’s more money in companies than customers.

Although consumers remained the majority of ransomware victims between January 2015 and April 2016, a recent study shows that the margin between “civilians” and enterprises is closing in on a 50/50 split. Fortune cites another poll, which reached out to businesses in the U.S., Canada, U.K., and Germany over the past year. It determined that close to 40% of businesses have been victims of ransomware attacks. Forty-seven percent were American companies, with a third of them losing revenue.

“Cyber-criminals collected $209 million in the first three months of 2016 by extorting businesses and institutions to unlock computer servers,” CNN Money writes. “At that rate, ransomware is on pace to be a $1 billion a year crime.”

Schools, banks, hospitals—no industry is exempt. One of the most notorious recent attacks occurred at the Hollywood Presbyterian Hospital earlier this year. On February 5, hackers locked hospital systems—holding patient data hostage, while disrupting ER systems—by encrypting files. The criminals demanded $17K, which the hospital, facing fatalities, paid in bitcoin. “In the best interest of restoring normal operations,” President and CEO Allen Stefanek remarked, “we did this.” The FBI is conducting an investigation.

We now know of measures that can be taken to thwart this type of attack. Most IT specialists suggest starting by backing up enterprise data, because in the event of an attack, the company can simply restore files. Also, since nearly half of ransomware attacks stem from phishing, it’s essential to teach employees to greet unsolicited downloads with skepticism.

Perhaps most resoundingly, Osterman Research states that existing security investments simply aren’t working. “Most organizations are not seeing improvements in the security solutions they have deployed and in the security practices they follow,” their report says. “In many cases…internal staff may not have the expertise to improve the performance of these solutions over time.”

According to the study, more than 60 percent of attacks took over nine hours to address. The most effective way to stop these attacks? “Continuously seek out innovative technologies to add to their customized, layered defense,” James Scott, senior fellow and co-founder of the Institute for Critical Infrastructure Technology, told ZDNet, “such as a behavior-analytics platform, which quickly spots anomalous behavior.”