Why Ransomware is a Threat to Availability

According to the FBI, ransomware became a billion dollar industry in 2016.  That is right, $1 billion. 

If ransomware were a legitimate industry, it would be the focus of case studies in every business school in the world as its growth is unprecedented.  This growth is attributed to four primary reasons.

  1. The amount of money being generated
  2. The consumerization of IT
  3. The proliferation of cryptocurrency
  4. The launch of Ransomware-as-a-Service

The Money

The money involved is simply staggering.  The highest paid ransom to date was paid just a few months ago by a South Korean web hosting company in which all 153 of their web servers were encrypted.  Negotiations between company management and the hackers arrived at an agreed price of $1 million that was paid in three installments; each installment decrypting a batch of servers.  Thirty days later, a Canadian firm was forced to pay $425k to retrieve their data.  The company had little choice as a phishing email attack launched a ransomware attack that targeted not only their data, but their backups as well.  Whoever the hackers were, they knew the design of the targeted enterprise very well and we able to implement the attack with pinpoint accuracy.

As hefty as these payouts are, the damage does not stop with the ransom.  A recent survey of companies that had experienced a ransomware attack faced additional costs as well including:

  • Investment in security technology (33%)
  • Money lost from downtime (32%)
  • Loss of customers (32%)


In most cases, the cost of the aftermath is far worse than any ransom.  A prime example of this was the case of Nuance Communications, a major provider of voice and language tools that was hit with the Petya attack back in June.  Three weeks after the attack, the company had still not been able to bring back up some of their critical business operations.  What’s more, they reported that the costs of the aftermath would impact their quarterly revenues, sending their stock price, downward as well.  Denmark shipping and logistics conglomerate, A.P. Moller-Maersk, reported a negative impact of over $200 million because of a two-week disruption to operations following the Petya attack.  Other corporations have reported similar experiences.

Easy Payment and Deployment

Extortion used to be a tough endeavor to pull off.  It often involved a drop off point involving a suitcase of hard cash.  In fact, early ransomware attacks years ago involved Western Union payments or prepaid cash cards that were sold at retail outlets.  None of these payment methods were scalable.  They were cumbersome for both parties and were traceable by law enforcement.   Ransomware was a rare event because of payment limitations. Then came the popularity of Bitcoin and other cryptocurrencies.  These digital currencies allow for decentralized, anonymous and unregulated transactions.  All of this makes for an ideal currency for hackers.

Ransomware-as-a-Service kits are available for purchase on the dark web for as little as $40.

Not only is it easy to get paid, it is easy to be a ransomware hacker as well.  Ransomware-as-a-Service kits are available for purchase on the dark web for as little as $40.  These RaaS distribution channels are highly organized and structured much like a traditional multi-level marketing company.  These kits are wizard driven, making it easy for someone with little or no hacker skills to create their own ransomware attacks.   Ransoms are shared between the associate and the distribution kingpin.

Email continues to be the dominant distribution method of ransomware through embedded links or malware infected attachments.  Even browsing the Internet can result in a ransomware attack as users unknowingly download a malware infection disguised as a download, image, video or plugin update.  The fact is that hackers no longer spend their time trying to infiltrate network firewalls.  They simply target users, as they are the weakest endpoints of an enterprise.

The Need for Failover Redundancy

Despite the skyrocketing of costs of ransomware and the advancements that have made it convenient, scalable and cheap to implement, many organizations continue to ignore this monumental cyber threat.  According to a recent report conducted by the Ponemon Institute, only 46% of companies today consider the prevention of ransomware a high priority.  This is astounding considering the fact that many ransomware attacks as of late could have been prevented through regular patching and updating of machines.

Companies today must have redundant infrastructure in an alternate location such as servers, storage and network infrastructure designed around the replication of data.

Ransomware has vividly shown how truly devastating a ransomware attack can be upon businesses and organizations that rely on an omnipresent connection with their customers, users and partners.  This is why high availability and disaster recovery solutions are so imperative today.  A ransomware attack is indeed a disaster that can take an organization offline and out of commission.  Companies today must have redundant infrastructure in an alternate location such as servers, storage and network infrastructure designed around the replication of data.  This isn’t just about being prepared for an outage, but to have a protected location of your data in case one of your sites endures a malware encryption attack.  Cloud based failover and network load balancing solutions should be an important aspect of any such enterprise today, because ransomware is only a mouse click away.

Prevent your next outage now!


Other articles you might like to read: