If you ever find yourself a victim of ransomware cyberattack, you will quickly know about it. Some malware goes undetected for months. Some malware quietly sits, stealing login credentials and other data without the user even knowing it is happening. But ransomware is a flamboyant, ‘in-your-face’ kind of malware that ensures its victims are fully aware of its presence. Once infected with ransomware, files and documents across a network and the cloud are encrypted: a pop-up notice on the infected computers then demands a ransom.
In 2020, as well as a pandemic, businesses across the world had to deal with a tidal wave of malware, with 81% of all cyber-attacks that were financially motivated being based on ransomware.
The report behind the finding that 81% of all financially motivated attacks use ransomware, also found that the average ransomware payment increased by 178% in 2020. Ransomware is a lucrative option for cybercriminals looking for a financial payout. In 2020 in the U.S., 676 breaches used ransomware in an attack, this is an increase of 100% on 2019 figures.
Ransomware is an attractive malware type and one that looks set to continue to be used
Here are 5 reasons why is ransomware so successful:
The first ransomware attempt, back in 1989, required the victim to send a cheque for $189 to PC Cyborg Corp. to a post office box in Panama. The advent of cryptocurrency which provides a means to hide money transfers has given ransomware fraudsters the perfect way to obtain money without leaving a trail to find them.
Fraudsters no longer need to be software programmers. Instead, they just rent ransomware in ‘Ransomware-as-a-Service’ (RaaS) packages. These pay-as-you-earn options, made available on the dark web, allow fraudsters to quickly spin up a ransomware campaign. The system works like an affiliate service, the ransomware developer receiving a fee or a share of the proceeds.
Ransomware fraudsters go after managed service providers (MSP) with 4 in 5 MSPs being targeted. SMBs too, are in the sights of the ransomware fraudsters with 1 in 5 smaller firms being a victim of a ransomware attack.
The average payment in Q3 2020 was $233,817.
Ransomware developers are using sophisticated techniques to ensure that the malicious code evades detection by legacy anti-malware tools. Trickbot is a recent example of fraudsters using new tools to avoid detection and removal: Trickbot malware is used to distribute ransomware, acting as a ‘loader’. A recent version update that uses a method of hiding behind legitimate email content, has meant that automated scanning software cannot detect the malware. Ransomware developers are continuously using new methods of delivery, distribution, and execution that cleverly avoid detection by signature-based anti-malware solutions.
Ransomware developers are highly innovative. To counter the threat of sophisticated ransomware (and other malware) campaigns requires similar innovative thinking and smart anti-malware solutions. This requires a combination of threat mitigation measures including:
Ransomware will continue to haunt enterprises of all sizes across all sectors until the food that feeds it is removed. To this end, the FBI does not support the payment of ransoms. However, this is often easier said than done when key business operations are stalled because documents are inaccessible. Instead, prevention is better than any possible cure. By using a combination of secure backups and intelligent anti-malware solutions, even evolving ransomware threats can be mitigated.
Protect your organization from ransomware attacks this year, with multi-layer security. SpamTitan and WebTitan’s advanced threat protection, protects against ransomware attacks. Talk to a TitanHQ team member today and discover how we can help protect your organization. Contact us today.
Sign-up for email updates...