Assessing the impacts of a global ransomware attack
- Published: Thursday, 31 January 2019 18:19
A new report published by Lloyd’s explores the impacts and economic costs of a future highly effective ransomware attack and concludes that the global economy is not ready to deal with such an attack.
The report, ‘Bashe attack: Global infection by contagious malware’, explores a scenario in which a ransomware attack is launched through an infected email which, once opened, is forwarded to all contacts and within 24 hours encrypts all data on nearly 30 million devices worldwide.
The report estimates a cyber attack on this scale could cost $193bn and affect more than 600,000 businesses worldwide. It states that the global economy is underprepared for these types of incident, with 86 percent of the total economic losses uninsured, leaving an insurance gap of $166bn.
The report is a new publication from the Cyber Risk Management (CyRiM) project, the Singapore-based public-private initiative that assesses cyber risks, of which Lloyd’s is one of the founding members.
Comments about the report
Trevor Reschke, Head of Threat Intelligence at Trusted Knight:
“The potential for a devastating attack is growing every year - with wide-scale cyber attacks already being considered one of the most dangerous threats to the world in 2019 - and this report shows how this could translate into huge financial damage. Part of the reason that cyber threats have grown so high is just how accessible the tools for carrying out attacks have become and there isn’t much restriction on who can launch one. It’s widely possible to, for example, buy malicious code on the dark web - so anyone from an established hacking group, to a lone amateur trying their luck for the first time, can give it a go.
“Additionally, as almost all businesses now operate online in some capacity, the range of organizations vulnerable to such attacks has grown significantly. Any and all sectors could be a target, from banks and other financial institutions to healthcare organizations - essentially if there is money to be made, many enterprising individuals are likely to have a go. Organizations must train their staff to be as prepared as possible to protect against hackers - with training occurring regularly and being updated to reflect the quickly evolving methods of hackers. Businesses must also ensure that they are protecting themselves and their customers sufficiently - preventative tools are the most necessary step.”
Ed Macnair, CEO, CensorNet:
“There’s no doubt that the cost of cyber attacks is going up and that, should an event like this occur it would be devastating, but this seems like the very worst-case scenario. This research has been based on a phishing attack and the kind of spread they are talking about would be prevented if just a couple of companies had email security in place. The chances are many more than that do. Of course, phishing attacks are getting smarter and can catch out even the savviest, but modern security tools can also prevent such a rapid propagation of infection.
“Security tools have got much smarter over the last few years with more and more integration, and could, in theory, be picked up by an email security tool and blocked from being sent on, then email security speaks to a web security tool, and malicious links are blocked from opening in web clients. Cyber insurance is a good idea to have, but without preventative tools in place it’s the same as insuring your home contents and leaving the door unlocked. It’s there as a back-up and, if you do everything right, shouldn’t be needed.”
Darin Pendergraft, VP of Product Marketing, STEALTHbits Technologies:
“The damage control for this type of attack sits within every company – and depends on the privilege level of the employee’s user account. Right now, it’s highly common to find that regular users have Administrative rights on their PCs. This allows email viruses that are opened to run with Administrative privilege – allowing them to become highly aggressive and to infect hundreds of other PCs and to even spread outside the organization.
“A Least Privilege Access Model (LPAM) recognizes that not all users need Administrative access on their PCs, in fact, most don’t need it at all. In the case of ransomware and many other types of malware, the more access a compromised user has, the greater the damage.
“Achieving LPAM in most organizations is not difficult. Maybe Lloyd’s findings will wake companies up to this. Right now, too many companies give users Administrative level permissions on their PCs - which is the digital equivalent of storing large quantities of gasoline in your family home... it’s just asking for trouble!”