A spike in both the number and sophistication of ransomware attacks specifically targeting businesses is likely to get worse before it gets better.
A new report from Malwarebytes finds ransomware detections against businesses between the second quarters of 2018 and 2019 rose by 363%. While most cybersecurity professionals are now all too familiar with ransomware variants such as WannaCry, NotPetya, EternalBlue and EternalRomance, it turns out new families of ransomware such as GandCrab, Ryuk, Phobos, Troldesh, Rapid and Locky are proving to be more lethal to businesses. In fact, the Malwarebytes report finds there was an 88% increase in Ryuk detections over last quarter, while Phobos detections increased 940% from the first quarter of 2019.
The sophistication of these attacks has also markedly increased. The Malwarebytes report notes some of these ransomware variants now only deploy at a specific time rather than waiting for a user to click on a link. Other types of ransomware launch as a second or third payload hidden within a blended threat that usually starts with some form of a Trojan attack. Ransomware is also in some cases still executed manually, which makes its identification and removal even more difficult. In effect, cybercriminals are employing a mix of old and new tactics to launch their ransomware attacks.
The report notes that most of the attacks detected are being found in the U.S. (53%), with Texas having the most detections in the U.S.
Going forward, Malwarebytes predicts manual infections and blended attacks will continue to increase. There will also be more email attacks that take advantage of not just technical vulnerabilities but human ones as well, the report notes.
As ransomware attacks increasingly target businesses, the pressure to unify cybersecurity and data protection processes is only going to increase. Backup and recovery software solutions are still the most effective way to thwart ransomware attacks trying to encrypt an organization’s data. In an ideal world, the detection of a ransomware attack would automatically trigger a backup of data before it becomes encrypted. At the very least, there should always be a pristine copy of an organization’s most valuable data readily available. Unfortunately, backup is one of those IT processes that easily gets forgotten. Because of that simple human foible, IT teams should look to automate backup and recovery processes wherever they can.
In the meantime, complacency is always going to be any organization's worst enemy. Cybercriminals are never going to stop launching new variants of ransomware attacks. It’s simply too lucrative an opportunity for them to ignore. They are counting on the fact that at some point someone in the organization will have failed to back up a critical piece of data. They are also hoping someone in that organization won’t have enough courage of their convictions to accept the loss of that data. The cost of launching ransomware attacks is nominal, so it only takes a few ransom payments for cybercriminals to see a return on their investment. The challenge cybersecurity professionals face is making sure that when those attacks inevitably do arrive, the organization is prepared to just shake them off like the form of pestilence they really are.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.