Cybercriminals have changed their tactics when launching ransomware attacks after finding that those targeting businesses offer a much higher return on investment than attacks against consumers, according to new research from Malwarebytes.
In the past year, business ransomware detections increased by 365 percent, with Ryuk and Phobos increasing by 88 percent and 940 percent respectively. GandCrab and Rapid ransomware attacks on businesses also increased during the same period, with Rapid up by 319 percent and GandCrab up by just five percent.
Malwarebytes' report shows how cybercriminals can reap “serious benefits” by ransoming organizations rather than individuals: consumers only have a few personal files which could be used for extortion or identity theft, while businesses have much more sensitive data they would be willing to pay to regain access to.
In terms of countries most targeted by ransomware, the US took the top spot at 53 percent of all detections followed by Canada at 10 percent and the UK at nine percent. In the UK, Manchester had the most ransomware detections followed by Royal Kensington and Chelsea, Reading, Harrow and Leeds.
Although there was a respite in ransomware after the peak in 2017, Malwarebytes' report shows that the threat has come back in a big way as cybercriminals have switched from mass consumer campaigns to highly targeted attacks on businesses.
Adam Kujawa, director of Malwarebytes Labs, provided further insight on the recent resurgence of ransomware and how organizations can protect themselves from this growing threat in a blog post, saying:
“This year we have noticed ransomware making more headlines than ever before as a resurgence in ransomware turned its sights to large, ill-prepared public and private organizations with easy to exploit vulnerabilities such as cities, non-profits and educational institutions. Our critical infrastructure needs to adapt and arm themselves against these threats as they continue to be targets of cybercriminals, causing great distress to all the people who depend on public services and trust these entities to protect their personal information.”
The firm's researchers predict that “manual” ransomware infections, which leverage already-breached networks, will increase in the future, as attackers can disable security tools and launch ransomware of their own from within these networks. They also expect to see an increase in ransomware attacks that combine threats downloaded from a command and control (C&C) server with worm-like functionality that allows the ransomware to spread and Trojan elements that allow it to avoid detection on corporate networks.
There is good news for consumers, however, as Malwarebytes expects consumer-focused ransomware attacks to virtually disappear in favor of more lucrative attacks against organizations.
Ransomware isn't going away any time soon and the firm stressed that businesses need to continue to take the ransomware threat seriously or risk falling victim to an attack themselves.
Via Computer Weekly