This Year in Ransomware Attacks – August 2019
by Robert Bond
Ransomware Attacks on Businesses Up Over 300% in 2019
The Cybercrime Tactics and Techniques Ransomware Retrospective Report
The Cybercrime Tactics and Techniques; Ransomware Retrospective report just released by Malwarebytes suggests cybercriminals are increasingly targeting businesses with ransomware rather than consumers in search of more Bitcoin per attack.
The Growing Threat of Ransomware Report
As we discussed in our just released and very popular 33 page report on the Growth of Ransomware, the malware is often delivered through phishing and now more commonly spear phishing emails and locks hard drives or other parts of the computer that makes data assets virtually impossible to access and of course demands a ransom to release the data. While ransomware started as a problem for consumers it has evolved into the malware of choice to blackmail businesses and government agencies. The ransomware attacks on businesses have shown to give cybercriminals more lucrative targets than consumers according to the report.
Ransomware is Targeting Businesses Increasingly
Businesses, especially in fields like government services, education and some healthcare organizations often have poor security practices leaving systems unpatched for long periods of time, allowing hackers to use known vulnerabilities to slip the malware through perimeter defenses and lock critical data.
According to the Malwarebytes report, business detections of ransomware rose 365% from Q2 2018 to Q2 2019, while attacks on consumers decreased by 12%.
Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft,” the report stated. “Encrypting sensitive proprietary data on any number of endpoints allows cybercriminals to put forth much larger ransom demands while gaining an exponentially higher chance of getting paid.
Government Agencies, Healthcare and Education Have Been Lucrative Targets
There have been a variety of high-profile attacks in just the last few months. Lake City, Florida paid $530,000 in bitcoin to cybercriminals to unlock its data in June and fired its IT manager for not protecting the organizations from the attacks. It followed an attack on another Florida city, Riviera Beach, which paid $600,000 to unlock encrypted files.
The strain of ransomware wreaking havoc is called Ryuk. It was unleashed by a Russian-based organized crime group called Grim Spider in a year ago. It is estimated that Ryuk earned it’s the Russians more than $3.7 million in its first four months.
Ryuk and Phobos are the top ransomware families attacking businesses, and increased by 88% and 940% over Q1 2019, respectively, according to the report. Gandcrab and Rapid business detections also increased year over year, with Rapid rising 319% over Q2 2018. However, business detections of GandCrab decreased by 5% in Q2 2019.
Small Business are the Next Likely Targets
The report further suggested that it was likely that ransomware campaigns would continue to target businesses over consumers. From our perspective, because of the success of the most recent government attacks in Florida, Baltimore, and Atlanta additional attacks on small city government agencies are very likely.
June 23, 2020
April 27, 2020