Abstract
According to Cybersecurity Ventures research in 2017, a business falls prey to a ransomware attack every 40 s, and the rate is predicted to rise to one attack every 14 s by 2019. Business organizations have paid cybercriminals as much as $1 million in a single attack, while others have incurred losses in the hundreds of millions of dollars. Clearly, ransomware is an emerging cyberthreat to enterprise systems that can no longer be ignored. In this paper, we address the various facets of the ransomware pandemic, narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems, detailing the various susceptible ransomware entry points. We evaluate how the incorporation of asymmetric and symmetric encryption in hybrid cryptosystems with worm-like properties in recent ransomware strains has brought about tragic targeted ransomware attack campaigns such as WannaCry, Erebus, and SamSam. We also detail the economic impact of ransomware on various businesses in terms of paid ransoms and loss of revenue due to downtime and loss of production. Results show the substantial role played by the Bitcoin cryptocurrency, and that email is the prevalent attack vector in indiscriminate attack campaigns, while vulnerability exploitation is dominant in targeted attacks. Furthermore, results show that a lack of offline backup and poorly implemented offline backup strategies end up costing businesses more than the ransom demand itself. We suggest mitigation strategies and recommend best practices based on the demystified core components of successful ransomware attack campaigns.
Cite this article
Zimba, A., Chishimba, M. On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems. Eur J Secur Res 4, 3–31 (2019). https://doi.org/10.1007/s41125-019-00039-8
DOI: https://doi.org/10.1007/s41125-019-00039-8