If you thought it was bad when the FBI reported last year that ransomware was on the rise, you should read the forecasts for this year. According to SonicWall’s most recent Annual Threat Report, “ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016.”

This year, Trend Micro sees a 25-percent growth in the number of new ransomware families available for use in breaches. Reports of the encroachment of ransomware on government, law enforcement, critical infrastructure, and health and safety are already climbing.

CSO details the victims, ransomware and what has changed, what is at stake, and how to shunt ransomware attacks.

Ransomware revolution: victims unlimited

Several factors affect what entities attackers choose as they use ransomware more profitably. Whether an organization oversees lots of critical data or infrastructure is a factor. “Dated systems that contain vulnerabilities that the industry did not consider when the systems were developed control a great deal of critical infrastructure,” says Brandon Gunter, IT consulting senior manager at Moss Adams.

These vulnerabilities and the severity of encrypting critical infrastructure are attractive to criminal hackers. In July, Rockwell Automation reported a ransomware attack on the “manufacturing automation industry” in the form of a malicious file named “Allenbradleyupdate.zip” containing ransomware malware. These incidents are already occurring.

The ability to affect larger numbers of people is a factor. “Every government branch has millions of Americans’ data. The DMV has plenty of PII,” says Tyler Moffitt, senior threat research analyst at Webroot. Surround those millions of records with ransomware and the DMV will have to either recover them effectively or pay the ransom to avoid the damage to Americans.
Ransomware took down more than 2,000 San Francisco Municipal Transportation Agency fare payment systems for subway trains in November, leaving passengers abandoned.

The urgency with which agencies must restore access to data and systems is a factor. “Consider a ransomware attack on a police network or 911 dispatch center, making those civil functions inoperable could result in many criminals getting away with preventable crimes,” says Kevin Hyde, managing director at Layer8. Driven to get back online, these agencies could be tempted to pay a ransom quickly. Ransomware has been hitting police departments since 2013. Some ransomware is “so impenetrable that even FBI agents have at times advised victims to just pay up and get their data back.”

The list of organizations and systems affected by some or all of these factors is lengthy. The list includes the Department of Defense, financial institutions, large retailers, power grids, water treatment plants, government agencies, law enforcement, and street security cameras, which comprise critical infrastructure and/or house valuable data, according to our experts.

What has changed?

Larger sites and companies are increasingly attractive victims of ransomware for many reasons. It has been feasible for ransomware to enslave critical infrastructure since the industry began connecting its vulnerable control systems to the internet. The growing prevalence of IoT and the mounting pressure to manage systems more effectively are leading the industry to purposefully or unintentionally connect many critical systems to the internet through backend organizational networks, putting them at risk, says Gunter.

Meanwhile, bigger and more profitable ransomware targets have become appealing to attackers as profit from other areas levels off or declines. “Data breaches have become so prevalent that cyber criminals have had difficulty finding buyers of data on the Dark Web.
So, they are turning back to the victims themselves to sell back their stolen or encrypted data,” says Justin Fier, director of cyber intelligence and analytics at Darktrace.

Company functionality, reputations, and profitability are at stake with ransomware. “Ransomware encrypts essential documents such as customer data or for example the labeling machine required for shipping out products,” says Moffitt. What is a company to do when it can’t maintain trust with customers and can’t deliver its goods?

Public health and safety are at risk with ransomware. “The next generation of ransomware will focus on denying basic resources such as clean water, electricity, gas, and sewer systems,” says Gunter. Some degree of societal breakdown is foreseeable here.

Consumer confidence, privacy, and identities fall victim to ransomware. “We are entering an era of trust attacks where threat actors work to undermine credibility and faith in our institutions. If consumers can’t trust an organization to keep their PII secure, how does the company recover?” asks Fier, who held mission-critical security roles with Lockheed Martin, Northrop Grumman Mission Systems, and Abraxas.

Time, effort, and investment are all at stake. “Companies can sink significant resources into recovering from a ransomware attack as with any other kind,” says Hyde. So you pay whether you pay the ransom or simply suffer the impact of lost data.

More ransomware? No, thank you!

Since ransomware will eventually find your enterprise, prepare by implementing an information security governance model that you align with the business objectives and the risk assessment of an organization, says Gunter, who held security positions with Deloitte, KPMG, and Clearwire.
“Use a security road map, implementation strategy, and security breach response plan to better protect critical systems and drive down risk.”

The enterprise should then continually identify risks as these occur, implement risk remediation and mitigation strategies, secure operations, monitor and identify new risks, and come full circle to update and improve the security strategy and road map, explains Gunter.

Enterprises should then take several practical steps down-in-the-trenches to mitigate ransomware, including mature endpoint security measures. “Reputable, multilayered endpoint security that protects web browsing, controls outbound traffic, safeguards system settings, proactively stops phishing attacks, and continuously monitors the individual endpoint can prevent malware infections and ransomware,” says Moffitt.

The business should ensure that its business continuity/disaster recovery plan and backup and recovery tools are entirely separate from the data and systems that could fall under attack by ransomware. “There are many automated on-site and cloud-based backup solutions that will leave you with options even if ransomware hits network drives,” says Moffitt.

There are measures to address ransomware that starts with phishing emails that contain macros, which prerecord commands that will run automatically, in this case unleashing malware and, ultimately, ransomware attacks. You can disable macro functionality in the trust center in Microsoft Office.

There are maneuvers for isolating harmful file activities. In Microsoft Windows, you can use policy settings to restrict actions by potentially malicious files with specific extensions, such as .exe for executable files, inside directories where this presents a risk during a ransomware infection.
“It’s not 100-percent effective, but if you can reduce the number of variants that could pose a threat by even 20 percent, it will be well worth the investment,” says Moffitt.

Ransomware attacks can include abuses of the Remote Desktop Protocol (RDP) port, port 3389. By changing the port assignment for remote desktop applications and encrypting it where possible, you can mitigate exploits that use this vector, according to Moffitt.

There are solutions in addition to backups for organizations whose data is already locked. Resources such as No More Ransom can help enterprises to unlock encrypted systems using keys and software tools that can (in some cases) decrypt locked data.

User education is always a necessity and a great opportunity to make a dent in the user errors that make these attacks possible. “Malware will continue to thrive and be a viable business as long as staff are unaware and uneducated about the risks of the internet. Providing the basics will protect users at home and in the office,” says Moffitt.

According to Hyde, who brings extensive experience with the National Security Agency and U.S. Cyber Command, enterprises should whitelist good sites, blacklist known bad sites, and continually update these based on suspicious traffic. “The enterprise should invest in applied forensics and threat intelligence services, lock down user accounts, prevent writing to system files and settings, and keep a detailed image of base computer systems for immediate deployment,” says Hyde.

“Ransomware is devastating and damaging regardless of the target,” says Fier. Future attacks on critical infrastructure and business reputations could end some companies and degrade our quality of life.
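
The three Windows measures described above (Office macros, restricting .exe files in risky directories, and the RDP port) can be checked on a host with a read-only audit. This is an added example, not from the original article; it assumes Office 16.0 registry paths, Software Restriction Policies path rules as the restriction mechanism, and %AppData% and %Temp% as the directories of concern.

```powershell
# Added audit sketch: reads settings only, changes nothing on the host.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Emits nothing ($null) when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-OfficeMacroPolicy {
    param([string]$OfficeVersion = '16.0')   # assumption: Office 2016 or later
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $sub = "Microsoft\Office\$OfficeVersion\$app\Security"
        # A Group Policy value overrides the user's own Trust Center choice.
        $v = Get-RegValue "HKCU:\Software\Policies\$sub" 'VBAWarnings'
        if ($null -eq $v) { $v = Get-RegValue "HKCU:\Software\$sub" 'VBAWarnings' }
        # 4 = all macros disabled without notification, 3 = signed macros only.
        [pscustomobject]@{ Check = "$app macros"; Value = "VBAWarnings=$v"; Pass = ($v -in 3, 4) }
    }
}

function Test-ExePathRule {
    # Assumption: restrictions are Software Restriction Policies path rules;
    # level 0 ("Disallowed") rules live under this key, one subkey per rule.
    $root  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    $rules = @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $data = Get-RegValue $_.PSPath 'ItemData'
        if ($data) { [Environment]::ExpandEnvironmentVariables($data) }
    })
    # Assumed user-writable directories; the article does not name any.
    foreach ($dir in $env:APPDATA, $env:TEMP) {
        $pattern = [System.Management.Automation.WildcardPattern]::Escape($dir) + '\*.exe'
        $hits = @($rules | Where-Object { $_ -like $pattern })
        [pscustomobject]@{ Check = "Block .exe in $dir"; Value = "$($hits.Count) rule(s)"; Pass = ($hits.Count -gt 0) }
    }
}

function Test-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"
    $enabled = (Get-RegValue $ts 'fDenyTSConnections') -eq 0
    $port    = Get-RegValue $tcp 'PortNumber'
    # Pass when RDP is off, or the listener was moved off 3389 as the article suggests.
    [pscustomobject]@{ Check = 'RDP listener'; Value = "enabled=$enabled port=$port"; Pass = ((-not $enabled) -or ($port -ne 3389)) }
}

& { Test-OfficeMacroPolicy; Test-ExePathRule; Test-RdpExposure } | Format-Table -AutoSize
```

Hosts that enforce AppLocker instead of Software Restriction Policies keep their rules elsewhere, so the path-rule check will report zero rules there.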