Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware.
The trends observed over the past year indicate that these attacks are not going away and are likely to increase in frequency.
Shifting targets
Ransomware started out as a consumer threat, representing an aggressive evolution over the scareware attacks that used to trick people into paying fake fines or buying rogue software to fix non-existent issues. While the early campaigns proved profitable for cybercriminal gangs, the consumer ransomware landscape became crowded. As consumer antivirus firms improved their ransomware detection capabilities, casting a wide net to gain as many victims as possible became a less effective technique.
In a report released in August 2019 that looked at the evolution of ransomware between Q2 2018 and Q2 2019, security firm Malwarebytes noted that "this once dangerous but recently dormant threat has come back to life in a big way, switching from mass consumer campaigns to highly targeted, artisanal attacks on businesses."
Over the analyzed period, the number of ransomware detections in business environments rose by 365%, while consumer detections declined. That trend continued for the rest of the year, according to Adam Kujawa, director of Malwarebytes Labs. "We're seeing an overall focus on businesses and an increase in all kinds of infection methods," he tells CSO. "A big part of that is that it's easier today to infect a business than it was a few years ago and the EternalBlue and other exploits certainly had something to do with that."
EternalBlue is an exploit for a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol that was patched in March 2017 and affected all versions of Windows. It was the primary propagation method through corporate networks for the WannaCry, NotPetya and other ransomware worms that crippled many organizations worldwide during 2017.
"It might not be the sole reason why we see such an increase in business focus for these types of attacks, but I think that what happened with WannaCry and NotPetya revealed the underbelly of enterprise security," Kujawa says. Before that, many people might have assumed that these are big companies, with security teams and it's hard for hackers to break in, but seeing how massive and damaging those attacks were — and not because of misconfigurations, but because of not patching in time — might have convinced more cybercriminals that it's worth going after businesses instead of consumers, he says.