The scourge that is ransomware has had a devastating impact on the lives of ordinary people around the world, but it doesn't have to be that way, according to a panel of experts speaking at the 2021 RSA Conference on May 18.
Ransomware is not a new problem in 2021, and it certainly is not one that appears to be diminishing by any measure; rather, it's growing. Jen Miller-Osborn, deputy director of threat intelligence for Unit 42 at Palo Alto Networks, commented that, according to her firm's research, from 2019 to 2020 the average ransom payment nearly tripled, from $115,123 to $312,493. In that same period the highest ransom payment doubled from $5m to $10m.
"They're just gaining more and more money, and when that happens ransomware becomes more and more popular in the criminal sector," Miller-Osborn said.
The Evolution of Ransomware
Michael Daniel, president and CEO at the Cyber Threat Alliance, explained that over the course of the last decade, ransomware has changed.
"If you look back to, say, 2013, ransomware was typically targeted at an individual's computer, and the average ransom was like 100 or 150 bucks, so it was a fairly minimal affair," Daniel said.
In contrast, in 2021 Daniel noted that the average ransom is more than $300,000, and it's not just individuals being targeted—it's things like schools systems, hospitals and the energy grid.
As the cost and scale of ransomware attacks have grown, so too has the complexity of trying to limit the risk and the ability to shut down attackers. Among the challenges is that the impact of ransomware isn't limited to any one industry or even any one agency within the US government.
Phil Reiner, chief executive officer, Institute for Security and Technology and Ransomware Task Force, explained that one of the primary reasons why the Ransomware Task Force existed was to help deal with the fast-moving threat landscape.
"It takes senior-level, top-down interest in a problem like this to really get after it with the resources that are required, and the prioritization of the issue needs to be raised in order to actually do something differently," Reiner said. "It's not business as usual. This is not just a normal cybersecurity threat—it's a plague."
No tags.
