The Proliferation of Ransomware & What You Can Do About It

February 11, 2020


Written by Thomas G. Stephens, Jr., CPA, CITP, CGMA

(Be sure to join Tommy and ISCPA for the Annual Tech Conference Sept 28 & 29!)

One of the most – if not THE most – significant issues in information security during 2019 was the proliferation of ransomware. Unfortunately, this trend is likely to continue in 2020. Therefore, let us examine some ransomware statistics so we can prepare to defend our data.

What is Ransomware?

Ransomware is a form of malware that, as its name suggests, takes your data hostage and holds it for ransom. Typically, ransomware encrypts all your data so that you cannot access it. Once the encryption is complete, the cybercriminals notify you and demand a ransom payment. If you pay the ransom, presumptively the cybercriminals provide you with the key needed to regain access to your data. However, in some cases, the cybercriminals extort the ransom from you and never supply the key. In these situations, your data is lost forever.

Of course, you should make every reasonable effort to prevent ransomware from infecting your systems in the first place. We discuss some of these preventive controls later in this article. But, in the event your systems do become infected, are there options for recovering your data without paying the ransom? In short, YES! If you have proper backup controls in place, you can restore your data from those backups. Unfortunately, sometimes poor backup procedures are in place and the ransomware encrypts the backups too. Similarly, sometimes these same poor backup procedures mean that no recent backup is even available. In situations such as these, paying the ransom becomes a virtual – albeit distasteful – reality.

Ten Chilling Statistics about Ransomware

The proliferation of ransomware over the past few years has placed it near the top of the list of cybercrimes. To gain an appreciation of just how widespread ransomware is today, consider the following statistics.

  1. The cost of a ransomware attack continues to escalate. For example, Datto reports that ransomware costs businesses more than $75 billion annually. Similarly, Sophos reports that the average cost of a ransomware attack on a single business is now $133,000.
  2. The rate of ransomware attacks also continues to escalate. As an example, PhishMe reports that ransomware attacks have increased 97% over the past two years.
  3. Cybersecurity Ventures estimates that a new business will fall victim to ransomware every 14 seconds during 2019.
  4. Phishing remains a popular way of launching a ransomware attack. Webroot indicates that cybercriminals create 1.5 million new phishing sites every month. Further, PhishMe reports that during 2019, ransomware delivered through phishing emails increased 109% over 2017.
  5. The healthcare industry is a favorite target of ransomware attacks. As reported by Beazley, almost half of all ransomware incidents reported in 2018 involved healthcare companies. Healthcare IT News reported that 18% of healthcare devices have been the target of malware. Additionally, a report by CSO Online estimates that the number of attacks on healthcare-related companies will quadruple by 2020.
  6. Governmental organizations are becoming increasingly popular targets of ransomware attacks. During the summer of 2019, at least twenty-three municipalities in Florida and Texas fell victim to ransomware. Previously, major cities such as Atlanta and Baltimore became victims. In the case of the Atlanta attack, remediation costs are reported by the Atlanta Journal-Constitution to be as high as $17 million.
  7. Ransomware attacks are not limited to Windows-based devices. Fortinet, for instance, expects that mobile malware, banking malware, and ransomware will prove to be the top security threats of 2019.
  8. As reported by Carbonite, ransomware often attacks small businesses through unsecured Remote Desktop Protocol (RDP) ports on Windows-based computers. A recent report indicated that at least 3.3 million computers worldwide are exposed through open RDP ports; one-third of those devices are in the United States.
  9. Another popular form of ransomware attack is planting links to the malware in email messages. One study published by Newsweek indicated that approximately 50% of all people will click on links from unknown persons.
  10. As reported by SafeAtLast, more than 77% of businesses affected by ransomware were using up-to-date protection. This clearly indicates that traditional forms of anti-malware protection are not effective against the scourge of ransomware.

How to Protect Your Business Against Ransomware

As is almost always the case with cybersecurity issues, no single method is adequate to reduce the proliferation of ransomware. Instead, you should use a multi-layered approach to address and reduce your risk.

Following are some common-sense steps you should take to reduce the probability that you will fall victim to an attack.

  1. Plan for the worst by assuming that you will become a victim. Against that backdrop, review your backup procedures to determine that they are adequate in today’s environment and allow you to restore your data in case of an attack. Ensure that your backups are stored offline.
  2. Train your team members not to click on links and attachments in emails from unknown parties. Reinforce this training on at least a quarterly basis.
  3. Ensure that all computers remain updated and patched to reduce the threat of vulnerabilities in the operating systems or installed applications.
  4. Consider implementing a “whitelisting” approach to security. Using whitelisting tools, such as AppLocker found in Windows, you can control which applications can run on a computer. Thus, even if ransomware infects a device, unless the whitelisting software in use has authorized the ransomware to run, your data should remain safe.
  5. Stay informed on developing trends in ransomware. No doubt, this threat will continue to evolve and yesterday’s techniques will not be adequate to protect against tomorrow’s threats. Therefore, don’t view securing your data as a one-time project; instead, consider securing your data a never-ending process.
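As an added example (not code from the article or its author), the following PowerShell shows how the AppLocker whitelisting approach from step 4 is typically rolled out: build an allow-list from the directories a standard workstation trusts, apply it in audit-only mode, and review what would have been blocked before switching to enforcement. It assumes an elevated session on a Windows edition that includes AppLocker, with the Application Identity service (AppIDSvc) running; the trusted directory list and the temporary file path are the author's assumptions.

```powershell
# Added example, not from the article. Builds an AppLocker allow-list policy in
# audit-only mode and shows how to review its effect before enforcing it.
# Requires an elevated PowerShell session on a Windows edition with AppLocker
# and the Application Identity service (AppIDSvc) running.

$trustedDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'   # assumed
$auditPolicyPath = Join-Path $env:TEMP 'AppLocker-Audit.xml'                  # assumed

# 1. Inventory executable content in the trusted directories. This is slow on a
#    full Windows directory, so run it once and keep the result.
$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse
}

# 2. Generate publisher rules for signed files and fall back to hash rules for
#    unsigned ones. -Optimize collapses duplicate rules into as few as possible.
$policyXml = $fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
        -Optimize -IgnoreMissingFileInformation -Xml

# 3. Start in audit-only mode: nothing is blocked yet, but every launch the
#    policy would have denied is written to the AppLocker event log.
$auditXml = $policyXml -replace 'EnforcementMode="[^"]*"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $auditPolicyPath -Value $auditXml -Encoding UTF8

# 4. Dry-run the policy against a known-good binary and any executables already
#    sitting in the user's Downloads folder (a common landing place for email
#    attachments). Files outside the trusted directories show DeniedByDefault.
$samples = @("$env:windir\System32\notepad.exe")
$samples += @(Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe -ErrorAction SilentlyContinue |
              ForEach-Object FullName)
Test-AppLockerPolicy -XmlPolicy $auditPolicyPath -Path $samples -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 5. Apply the audit policy to the local machine.
Set-AppLockerPolicy -XmlPolicy $auditPolicyPath

# 6. After a trial period, list executables that would have been blocked.
#    Legitimate ones need rules added; the rest confirm the allow-list works.
Get-AppLockerFileInformation -EventLog -LogPath 'Microsoft-Windows-AppLocker/EXE and DLL' -EventType Audited |
    Select-Object Path, Publisher, Hash

# Once the audit log shows only expected denials, change "AuditOnly" to
# "Enabled" in the XML and re-run Set-AppLockerPolicy to enforce the policy.
```

In a domain, the same XML is imported into a Group Policy object rather than applied with Set-AppLockerPolicy on each machine.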


Ransomware is nothing new; in fact, ransomware dates all the way back to 1989. However, ransomware has exploded over the past five years and its proliferation shows no meaningful signs of slowing down. For victims, ransomware exacts an extraordinary toll, costing potentially millions of dollars and creating crippling customer/client service issues. Therefore, immediately assess the risk of becoming a victim and act appropriately to reduce that risk to an acceptable level. The very existence of your business could depend upon it.

Tommy Stephens is a shareholder in K2 Enterprises, where he develops and presents continuing professional education programs to accounting, financial and other business professionals across North America. You may reach him at and you may learn more about K2 Enterprises by visiting
