Access your Pro+ Content below.
Recent ransomware attacks: Is it an epidemic or overblown?
This article is part of the Information Security issue of October 2017, Vol. 19, No. 8
Major news organizations stated that cybercriminals had raked in more than $209 million from ransomware victims in the first quarter of 2016, more than an eight-fold increase compared to the entire previous year. Citing data from the FBI, CNN predicted that 2016 would see cybercriminals collect more than $1 billion in profits from recent ransomware attacks by the end of the year. Both the Los Angeles Times and Reuters cited the $209 million figure, the Times calling it profits and Reuters portraying it as damages. The origin of that number is a mystery, however. Even a few months later, in August 2016, the FBI could not confirm the number, but cited a dramatically smaller figure -- $2.69 million -- as damages from ransomware for the first six months of the year. The agency had worked through the data and discounted large damage figures from certain companies, an FBI spokesperson said. In May of this year, the FBI released its "2016 Internet Crime Report," and the number had shrunk even further: 2,673 complaints identified as ...
Access this PRO+ Content for Free!
Features in this issue
Data breaches and incoming regulations are heightening the need for a data-centric security model, say security leaders. Here’s how to gain control and stop unauthorized use of your data.
A state CISO champions innovation for Washington, from early development of a single sign-on system to leadership of the new Office of Cyber Security.
Until WannaCry and NotPetya, estimates of ransomware cost and damages were likely overblown. But indications are that companies lost hundreds of millions from these malicious attacks alone.
Columns in this issue
When Yahoo finally disclosed a massive 2014 data breach to up to five hundred million affected account holders in September 2016, some already had legal representation.
The 'father' of the Orange Book has first-hand knowledge of the standards required for classified computer systems and the issues with subversion.