June 18, 2019

June 17, 2019

Subscribe to Latest Legal News and Analysis

2017 Saw Ransomware on the Rise – 2018 Will See Even More

It’s fair to say that ransomware exploded in 2017. After inflicting an estimated $350 million in damage in 2015 and $850 million in 2016, at least one source estimates that it hit $5 billion last year. Most prominent among these were WannaCry, which shut down computers in 80 organizations affiliated with Britain’s National Health Service among many other infections, and Not Petya, which attacked many international companies’ computer systems.

Ransomware’s success at blocking users from accessing their own systems and demanding payment in order to restore that access stems from two key developments in the past decade. First, improvements in the strength and adaptability of encryption have given ransomware authors the tools to remotely lock up another person’s system. Second, the development of cryptocurrencies has given them the ability to demand and receive ransom funds that are difficult to trace.

Alarmingly, 2017 witnessed the appearance of the first ransomware worm, a version of ransomware that self-replicated and infects new systems on its own. On the plus side (if there can be such a thing) many of the year’s worst ransomware attacks utilized a known vulnerability in certain Microsoft products, for which Microsoft had already issued patches. Those companies that implemented the patch quickly avoided infection.

While particular vulnerabilities have a short shelf-life, the ability of ransomware to take advantage of newly-identified vulnerabilities and turn them into profitable schemes for unprincipled hackers means this problem is not going away. Right now, it’s estimated that a ransomware attack occurs every 40 seconds. By next year, it’s expected to be down to 19 seconds.

Putting it Into Practice: In addition to being vigilant about emails from unknown sources, make sure your company implements software patches as quickly as it can. This seemingly small administrative issue could save you millions of dollars.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS,...