Data Breach Trends — 2016: the Year of Ransomware


Over the past year, the BakerHostetler Incident Response team has closely monitored data breach trends, and we are confident in concluding that 2016 was the year of ransomware. Nothing has had a greater impact or has been as widespread in 2016 than ransomware.

From a hospital in California to a police department in Massachusetts, ransomware has been a plague for organizations large and small. And yet, despite being around for years, 2016 was the year ransomware became an epidemic. Security firm Kaspersky Labs estimates that in the third quarter of 2016, a ransomware infection was occurring every 30 seconds, and a November 2016 study by SentinelOne found that half of all companies surveyed reported a ransomware attack in the past 12 months. With the FBI announcing that ransomware was on track to be a billion-dollar criminal enterprise, it’s no secret that money has been fueling this outbreak.

If you haven’t experienced a ransomware infection, don’t worry, you will. And while the impact of ransomware on your organization could be catastrophic, with advance preparation, it doesn’t have to be. The key is solid employee training, proper network segmentation and backups that are complete, up-to-date and regularly tested. Organizations that have prepared for an infection may find that ransomware is little more than a nuisance, much the way computer viruses and worms were back in the ’90s and early 2000s.

But don’t expect this threat to go quietly (or anytime soon). Ransomware has been surprisingly resilient. The phishing emails that propagate ransomware have become more sophisticated with some variants that have been known to target backup systems. Two trends that we expect to continue into 2017 include the use of full disk encryption by ransomware to deny access to the entire system and the use of ransomware as a method of monetizing hacking activities.

First, ransomware that utilizes full disk encryption denies access to both the files and the computer system it infects. This becomes an added pressure point because the infection impacts other aspects of the organization. For example, the San Francisco Transportation Authority experienced this type of ransomware firsthand when ransomware infected its ticketing system in November.

The second trend we expect to see in 2017 is the use of ransomware to monetize hacking activities. Some organizations do not take information security as seriously as they should, either because of a lack of resources or because they do not see themselves as a target due to the lack of valuable data, e.g., credit card information or financial data. These organizations might have experienced a breach in the past but might not have been aware because the attack did not affect their systems or operations. Ransomware provides an easy way for attackers to profit from their hacking activities. Small to medium-size businesses that are not prepared will be hurt the most by this trend.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:


BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.