Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware.

The trends observed over the past year indicate that these attacks are not going away and are likely to increase in frequency.

Shifting targets

Ransomware started out as a consumer threat, representing an aggressive evolution over the scareware attacks that used to trick people into paying fake fines or buying rogue software to fix non-existent issues. While the early campaigns proved profitable for cybercriminal gangs, the consumer ransomware landscape became crowded. As consumer antivirus firms improved their ransomware detection capabilities, casting a wide net to gain as many victims as possible became a less effective technique.

In a report released in August 2019 that looked at the ransomware evolution between Q2 2018 and Q2 2019, security firm Malwarebytes noted that “this once dangerous but recently dormant threat has come back to life in a big way, switching from mass consumer campaigns to highly targeted, artisanal attacks on businesses.”

Over the analyzed period, the number of ransomware detections in business environments rose by 365%, while consumer detections declined. That trend continued for the rest of the year, according to Adam Kujawa, director of Malwarebytes Labs. “We’re seeing an overall focus on businesses and an increase in all kinds of infection methods,” he tells CSO. “A big part of that is that it’s easier today to infect a business than it was a few years ago and the EternalBlue and other exploits certainly had something to do with that.”

EternalBlue is an exploit for a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol that was patched in March 2017 and affected all versions of Windows. It was the primary propagation method through corporate networks for the WannaCry, NotPetya and other ransomware worms that crippled many organizations worldwide during 2017.

“It might not be the sole reason why we see such an increase in business focus for these types of attacks, but I think that what happened with WannaCry and NotPetya revealed the underbelly of enterprise security,” Kujawa says. Before that, many people might have assumed that these are big companies with security teams, and it’s hard for hackers to break in, but seeing how massive and damaging those attacks were — and not because of misconfigurations, but because of not patching in time — might have convinced more cybercriminals that it’s worth going after businesses instead of consumers, he says.

Impact unknown

Since private companies are not always legally required to disclose ransomware incidents, the impact of ransomware attacks on the business sector is hard to quantify, both in terms of cost and prevalence. It’s also hard to say how often such victims decide to pay the ransom, but it’s clearly often enough for cybercriminals to keep investing in this threat.
