A single ransomware author and distributor was able to collect $121 million in ransomware payments during the first half of this year, netting $94 million after expenses, according to a report released today.
“Ransomware has grown over the years, and in 2015 and 2016 we really saw a serious spike,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs.
Weafer estimated that total ransomware revenues could be in the hundreds of millions.
“And that’s on the conservative side,” he said.
There were also nearly 2 million new mobile malware samples, also the highest ever recorded. Total mobile malware grew 151 percent in the past year, according to the report.
The report also included the results of a data protection benchmark study, surveying security practitioners around the world. According to the survey, companies with more than 5,000 employees reported a median of 31 to 50 data loss incidents — per day.
WHAT SHOULD YOU DO: How to respond to ransomware threats
The smallest companies in the survey, with between 1,000 and 3,000 employees, reported a medium of 11 to 20 data loss incidents per day.
The worst-hit were government organizations and financial services, with an average of 22 incidents per day, followed by retail with 20 incidents and health care with 19.
The breaches were serious enough that 68 percent required public disclosure, the report said.
According to Weafer, the research highlighted two major gaps in security focus — physical media, and cloud services. Nearly 40 percent of the data losses involved some kind of physical media, such as stolen or lost laptops or thumb drives.
“There’s a significant amount of data going out by physical medium,” he said. “Are you actually monitoring those areas?”
Only 37 percent of organizations do the kind of monitoring of user activity and media connections that could address these types of losses, according to the survey.
The survey showed significantly higher losses via physical media than the Verizon breach report, which put the number of security incidents involving physical theft or loss at less than 10 percent of the total. But the Verizon report is largely based on incidents that involve outside forensics, Weafer explained. Stolen or lost devices may not require that kind of investigation, he said.
There’s also a security focus gap when it comes to use of cloud services, Weafer said.
“By and large, they’re not really monitoring a lot of cloud services where their data is stored, particularly public cloud services,” he said.
According to the survey, only 12 percent of respondents had confidence in their visibility of their data in the cloud.
Nearly 90 percent have some protections in place, however.
“They’re looking at restrictions of which employees are allowed to go into the cloud,” he said. “The basic things. But what data is there, how to monitor it — they’re still catching up.”
This story, “A single ransomware network has pulled in $121 million” was originally published by
CSO.