Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

CHAPTER 1 What Is Ransomware?

The Ponemon Institute reports that the average cost of a data breach for targeted organizations is approximately $6.5 million.

Cybercriminals typically sell stolen credit card and identity information on the dark web — anonymous web content (such as black market drug sales, child pornography, cybercrime, or other activities attempting to avoid surveillance or censorship) that requires special software, configuration, and/or authorization for access — for as little as a few cents to several dollars per record. The 2015 Cost of Cyber Crime Study by the Ponemon Institute reported that the average selling price for stolen U.S. credit card data is approximately $0.25 to $60 per card. By comparison, a cybercriminal can make several hundred dollars to tens of thousands of dollars from ransoms directly paid to them by individual victims and organizations.

The actual cost to victims of identity theft and credit card fraud was estimated in Javelin Strategy and Research's 2016 Identity Fraud Study to be $15 billion in 2015. The study also reveals that, although the number of U.S. victims of identity theft and credit card fraud has remained relatively steady since 2012, averaging approximately 12.8 million individual victims, fraud losses have declined by approximately 25 percent — meaning profits for cybercriminals, while still significant, are also declining.

In contrast to the declining trend in identity theft and credit card fraud, the FBI reported a tenfold increase in ransomware crimes over the previous year during just the first three months of 2016. The cost to U.S. victim organizations and businesses is conservatively estimated to be more than $200 million, putting ransomware on pace to be a $1 billion crime in 2016.
Understanding How Ransomware Operates

Ransomware is commonly delivered through exploit kits, waterhole attacks (in which one or more websites that an organization frequently visits is infected with malware), malvertising (malicious advertising), or email phishing campaigns (see Figure 1-2).

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.