BitSight Insights

The Rising Face of Cybercrime: Ransomware

Noah Simon | September 21, 2016

Ransomware has been all the talk lately in the security industry- and deservedly so. These attacks have surged in the last year: hospitals, banks, and local police departments have all been infected with ransomware. Organizations have been paralyzed for days and weeks as a result of ransomware infections. In March, a MedStar Health clinic in Baltimore reportedly turned away patients and had trouble accessing electronic medical records. In a separate incident, the University of Calgary paid a $20,000 ransom earlier this year after malware encrypted the university's email servers. In addition to a financial loss for organizations that decide to pay ransoms, these attacks have the potential to cause severe operational disruptions for companies.

Thus far, criminals have cast a wide net, often distributing a malicious attachment to millions of email addresses in hopes of successfully infecting machines. These attacks have largely been opportunistic, often infecting organizations that have poor security hygiene. Many experts believe ransomware will only become more targeted, and more damaging as time goes

Security Performance Over time

In our latest BitSight Insights report The Rising Face of Cyber Crime: Ransomware, BitSight researchers set out to understand the spread of ransomware and which industries see the most infections. To put ransomware into greater context, we first observed the security performance of key industries of the last year.



Financial Services companies continue to exhibit excellent security performance, while the Education sector continues to struggle. Although some industries improved their security performance over the last year, data breaches were widespread in all industries, as were ransomware attacks.

Popular strains of ransomware

In this report, we observed the frequency of ransomware infections by looking at five well-known strains of the malware. Three of these variants are especially worth noting. Nymaim, a trojan that can be used to install a variety of malware, is typically associated with ransomware. Infections of Nymaim were high across all industries, with more than 11% of Education exhibiting infections. Locky, a strain of Ransomware discovered earlier this year, has already penetrated many Education, Government, and Retail organizations. Lastly, Matsnu, another type of Trojan malware that can remotely download and execute files, was relatively common across all industries.


what does it mean for businesses?

While ransomware is just one of many cyber threats affecting companies around the world, it is important that organizations take steps to mitigate the risk of being infected. Download our report to learn which steps are vital to reducing this threat.


Suggested Posts

Data Insights on the BlueKeep Vulnerability

On May 14th, Microsoft issued a warning about the BlueKeep vulnerability (CVE-2019-0708) affecting Remote Desktop Services Protocol (RDP), a component common in most versions of Microsoft Windows that allows remote access to its graphical...


Cybersecurity in Europe is Improving: Thank You GDPR?

After years of debate over whether to impose new cybersecurity regulations on companies,  General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay...


Security Ratings of U.S. Federal Agencies & Government Contractors

The federal government relies on tens of thousands of contractors and subcontractors — often referred to as the federal “supply chain” — to provide critical services, hold or maintain sensitive data, deliver technology, and perform key...


Subscribe to get security news and updates in your inbox.