United States

Ransomware: Business account takeover threat

RSM US MMBI Cybersecurity Special Report 2018


Among data security attacks, ransomware—an attack where hackers hold company data hostage for payment—is a rapidly growing threat due to its ease to deploy and potential to monetize for criminals. While multinational organizations and large government entities garner significant media attention following a ransomware attack, smaller organizations are actually at a more acute risk because of the difference in internal resources.

A ransomware attack often occurs without a distinct target. Ransomware transcends boundaries between company size and industry; hackers deploying this tactic don’t care about the data, they care about company operations. So, inessence, the smaller a company is, and how much data it holds, has no bearing on the amount of ransom (typically in bitcoin) the company is required to pay for recovery.

An attack typically spreads through email campaigns initiated by hackers, with victims coming to the attacker when users—including unsuspecting employees—click on a link to a malicious or compromised website, or open a corrupt attachment.

Once executed, a ransomware attack locks a user’s computer screen and presents a message communicating that files have been encrypted. That message also includes a ransom note, detailing the amount necessary to unlock files before they are destroyed. Victims face a critical decision—whether to pay the ransom or attempt to remediate the attack and risk losing valuable data. Meanwhile, the ransom amount often increases as the deadline approaches.

"Ransomware continues to be distributed through traditional means such as fake or compromised email accounts, but we are also seeing a rise in alternative methods of deployment,” said Geopfert. “As an example, certain hacking crews will breach an organization’s environment via traditional means, move through the network as they would during a normal data breach, find the organization’s most sensitive systems, and manually deploy the ransomware. The first indicator to the organization that something might be wrong is when their most critical systems suddenly become nonresponsive.”

Through personal and peer experiences, many middle market executives understand the severity of ransomware threats. The RSM US Middle Market Business Index research found that nearly a third (31 percent) of executives know someone in another organization that has been the target of a ransomware attack.

Underscoring how pervasive the threat has become, RSM also found that 41 percent of middle market executives see their organizations as likely targets for a ransomware attack. In addition, more than twice as many executives at larger organizations (15 percent) see the ransomware threat as very likely than those at smaller companies (7 percent).

Given the frequency of ransomware attacks, it’s no surprise that many middle market organizations experienced the threat first hand in the last year. In fact, 18 percent of middle market executives claimed a ransomware attack or demand during the last 12 months, with 9 percent of companies suffering more than one attack.

Unfortunately, while the ransomware threat increases, protective measures at middle market companies may not be keeping pace. RSM’s research found that among breached organizations, 44 percent indicated that existing security and operational controls were not completely successful in dealing with ransomware attacks.

Despite ransomware’s growth, many middle market organizations may not understand how a threat manifests itself or the best way to address it. Implementing more effective defense measures including security awareness training, system backups, patch management and incident response planning can help to prevent attacks and respond to incidents.

Download the full report»

4   Larger middle market companies have annual revenues of $50 million to $1 billion and smaller companies have annual revenues of $10 million to $50 million.

How can we help you?

Learn more about our security, privacy and risk services.  Or get in touch with our risk advisory professionals.