On the Economic Impact of Crypto-ransomware Attacks: The State of the Art on Enterprise Systems

Abstract

According to Cybersecurity Ventures research in 2017, in every 40 s, a business falls prey to a ransomware attack and the rate is predicted to rise to 14 s by 2019. Business organizations have had to pay cybercriminals even up to $1 million in a single attack, while others have incurred losses in hundreds of millions of dollars. Clearly, ransomware is an emerging cyberthreat to enterprise systems that can no longer be ignored. In this paper, we address the various facets of the ransomware pandemic narrowing down to the technical and economic impacts. We formulate an attack model applicable to cascaded network design structures common in enterprise systems, detailing the various susceptible ransomware entry points. We evaluate how the incorporation of asymmetric and symmetric encryption in hybrid cryptosystems with worm-like properties in recent ransomware strains has brought about tragic targeted ransomware attacks campaigns such as WannaCry, Erebus, and SamSam. We also detail the economic impact of ransomware on various businesses in terms of paid ransoms and loss of revenue due to downtime and loss of production. Results show the substantial role played by the Bitcoin cryptocurrency and email as the prevalent attack vector in indiscriminate attack campaigns, while vulnerability exploitation is dominant in targeted attacks. Furthermore, results show that lack of offline backup and poorly implemented offline backup strategies end up costing businesses more than the ransom demand itself. We suggest mitigation strategies and recommend best practices based on the demystified core components of successful ransomware attacks campaigns.