HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

2017 has seen a 62% Increase in Ransomware Attacks

Up until the end of November, reported ransomware attacks in 2017 are up 62% year on year, according to a new report from anti-malware firm Malwarebytes.

Criminal gangs and opportunistic cybercriminals – termed the New Mafia by Malwarebytes – have embraced ransomware as a quick and easy way to make money and sabotage businesses. Since September 2015, there has been a 1988.6% increase in ransomware attacks and there is no sign that attacks will slow down, especially given the ease with which attacks can be conducted using ransomware-as-a-service.

Malwarebytes notes that the true number of attacks is likely to be far higher. Many businesses attempt to conceal ransomware attacks due to the reputational damage that can be caused. Attacks are not reported and ransom demands are quietly paid to quickly regain access to data.

It is not only ransomware attacks that have increased. The average number of monthly cyberattacks on businesses has risen by 23% year over year, according to the report. That is on top of a 96% increase in cyberattacks on businesses the previous year.

In the United States, only 21% of surveyed businesses said they have experienced no cyberattacks in the past 12 months. Malwarebytes notes that many of those businesses could be unaware that attacks have taken place and that there could be considerable knowledge gaps within organizations.

In the report, Malwarebytes points out that there are considerable discrepancies between various surveys, citing one PwC report that indicated 74% of business stakeholders believed they had not experienced a cyberattack in the past year. The Malwarebytes survey, which was conducted on IT managers, CIOs, and CISOs, suggests the number of companies that have escaped a cyberattack in the past 12 months is far lower. Cyberattacks are occurring, but they are not being communicated to the C-suite, leading to an underestimation of the threat level.

Some businesses have been extensively targeted. 41% of businesses experienced between 1 and 5 attacks, 10% had between 6 and 10 attacks, 5% experienced between 11 and 20 attacks and 22% have had 20 or more cyberattacks in the past year.

Even though the threat of cyberattacks is now at an all-time high, many businesses are underestimating the threat and are failing to implement sufficient defenses to prevent attacks. Awareness of cybercrime needs to improve, businesses must accurately assess the likelihood of an attack occurring, and the C-suite should be more involved to ensure sufficient funds are allocated to cybersecurity to mitigate the threat. Malwarebytes suggests cybercrime must be elevated from a tech issue to a business-critical consideration, considering the damage that these cyberattacks can cause.

By improving collective awareness of the threats, sharing knowledge rather than trying to conceal attacks, and being proactive and implementing robust defenses, it is possible for businesses to fight back and make it much harder for cybercriminals.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.