On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems

Abstract

According to Cybersecurity Ventures research in 2017, a business falls prey to a ransomware attack every 40 s, and the rate is predicted to rise to one attack every 14 s by 2019. Business organizations have had to pay cybercriminals up to $1 million in a single attack, while others have incurred losses in the hundreds of millions of dollars. Clearly, ransomware is an emerging cyberthreat to enterprise systems that can no longer be ignored. In this paper, we address the various facets of the ransomware pandemic, narrowing down to the technical and economic impacts. We formulate an attack model applicable to the cascaded network design structures common in enterprise systems, detailing the various susceptible ransomware entry points. We evaluate how the incorporation of asymmetric and symmetric encryption in hybrid cryptosystems with worm-like properties in recent ransomware strains has brought about tragic targeted ransomware attack campaigns such as WannaCry, Erebus, and SamSam. We also detail the economic impact of ransomware on various businesses in terms of paid ransoms and loss of revenue due to downtime and loss of production. Results show the substantial role played by the Bitcoin cryptocurrency, and that email is the prevalent attack vector in indiscriminate attack campaigns, while vulnerability exploitation is dominant in targeted attacks. Furthermore, results show that a lack of offline backups and poorly implemented offline backup strategies end up costing businesses more than the ransom demand itself. We suggest mitigation strategies and recommend best practices based on the demystified core components of successful ransomware attack campaigns.

Author information

Corresponding author

Correspondence to Aaron Zimba.

Cite this article

Zimba, A., Chishimba, M. On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems. Eur J Secur Res 4, 3–31 (2019). https://doi.org/10.1007/s41125-019-00039-8

Keywords

  • Enterprise security, cyberthreat, crypto-ransomware, encryption
  • Cryptocurrency
  • Bitcoin