05/09/21 09:32:04 PM
Kasperksy has reported that ransomware attacks that took place during a two-year stretch have increased nearly eightfold.
This kind of malware that cybercriminals use to extort money from high-profile targets, such as corporations, government agencies, and municipal organizations has become more rampant by a whopping 767 percent. This occurred despite having a 29 percent decrease in the overall number of users affected by any kind of ransomware.
Wannacry is the most frequently encountered family, while Cryptolocker also joins them in being part of the massive rampage that eventually became part of the mainstream news items in the 2010s. These cyber threat actors encrypt the private information of their victims and hold it to ransom, and oftentimes requested relatively small amounts from victims to have their files returned.
Over the years, these campaigns have been on the decline. In fact, from 2019 to 2020, the total number of users that have been affected by ransomware cases across all platforms declined from 1,537,465 to 1,091,454—a decrease of 29%. Alongside this decline, however, was a rise in targeted ransomware attacks.
This scheme is often aimed at high-profile targets, such as corporations, government and municipal agencies, and healthcare organizations – with the sole goal of extorting money. This time around, though, the attacks come in significantly more sophistication (network compromise, reconnaissance, and persistence, or lateral movement) and a much larger payout.
In the 2-year period that saw a 7667 percent increase in ransomware attacks, there are at least four groups involved as culprits: Maze, the infamous group involved in several loud incidents; and RagnarLocker, also covered in the news. These two groups began the trend of exfiltration of data in addition to encrypting it and threatening to make the confidential information public if the victims refused to pay.
Meanwhile, WastedLocker also made front-page headlines with similar incidents, with many of these are specifically designed to infect each individual target.
Despite the rise in targeted ransomware, the ransomware family most frequently encountered by users is still WannaCry, the ransomware Trojan that first appeared in 2017 and led to damages of at least $4 billion across 150 countries. Though from 22% in 2019, users that encountered this family of ransomware have decreased to 16% in 2020.
“The ransomware landscape has fundamentally changed since it first became big news in the security community. We’ll most likely see fewer and fewer widespread campaigns targeting everyday users. Of course, that’s not to say users aren’t still vulnerable. However, the primary focus will likely continue to be on companies and large organizations, and that means ransomware attacks will continue to become more sophisticated and more destructive. It’s imperative that businesses adopt a holistic, comprehensive set of security practices to protect their data,” commented Fedor Sinitsyn, a security expert at Kaspersky.
To protect your company from ransomware, Kaspersky experts recommend that you:
1. Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
2. Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminal connections.
3. Backup data regularly. Make sure you can quickly access it in an emergency when needed.
4. Carry out a cybersecurity audit of your networks and remediate any weaknesses discovered in the perimeter or inside the network.
5. Explain to all employees that ransomware can easily target them through a phishing email, a shady website, or cracked software downloaded from unofficial sources. Ensure staff remain vigilant at all times and check their knowledge with tests.
Along with proper endpoint protection, dedicated services can help against high-profile ransomware attacks. Kaspersky Managed Detection and Response proactively hunt for attacks and helps to prevent them in the early stages, before attackers reach their final goals.
Know more of the report involving these massive ransomware cases on Securelist.
Author: slickmaster | © 2021 The SlickMaster's Files
No comments:
Post a Comment
Feel free to make a comment as long as it is within the bounds of the issue, and as long as you do it with decency. Thanks!