Changing Trends in the Global Ransomware Industry



Before anyone views the headline as sensationalism, please consider this. Until recently, one might have made the argument that ransomware purveyors are a bunch of (admittedly effective) thieves who plunder organizations with regard only for profit. But now, ransomware vendors are moving to organized operations, standardized services, and increasingly sophisticated business models. So, the time has come to admit that IT operations worldwide are confronting a global ransomware industry.

So, what’s new in the world of ransomware? Here are four takeaways from 1H 2019 statistics.

Ransomware attacks are more frequent and expensive 

Ransomware attack costs in all sectors skyrocketed during the second quarter of 2019. Ransoms rose by 184 percent. And, just when we started to dream that ransomware attacks might be fading, they increased again earlier this year. Ransomware attacks were relatively quiet in 2018, with the annual number of attacks down by 91 percent. In 1Q 2019, ransomware attack frequency is up 133 percent compared to the same time in 2018.

New organization and business practices

Anyone in doubt of ransomware practices becoming more businesslike need only look at the newest line of partnerships and licensing programs. Cybercrime as a service is old news. However, the GandCrab RaaS Dashboard Essential licensing program offers the latest in malware payment convenience. Hackers pay a modest fee to infect 200 victims for a two-month period. Developers also offer malware source code licensing. Buyers tweak the malware to make it invisible to anti-malware programs.

Shift in targets and tactics

Not too long ago, most ransomware attacks hit SMBs and city and state governments. Now, attack trends move toward enterprises, the so-called "big game" targets. Cybercrooks have figured out that they can make more money going after larger organizations. More than four of every five ransomware infections in 1H 2019 were aimed at enterprises. Ransoms for these choice targets range from hundreds of thousands to millions of dollars.

Tactics have changed, too. Rather than making straight-ahead, high-volume attacks, modern ransomware exploits move laterally within networks and install malware throughout the enterprise. Malware behavior resembles targeted intrusion attacks by China or Iran, and there is a trend toward carefully targeted and customized exploits, which makes new-generation ransomware attacks more organized and profitable.

More organizations are saying, “No way!”

In recent months, US cities in Massachusetts, Texas, Louisiana, Florida, and Georgia have been targets for ransomware gangs. The New Bedford case provides a newsworthy profile of a city government that said no to ransomware crooks and survived to tell the tale.

Although ransomware attacks are more frequent than in 2018, more and more victims are heeding expert advice to not pay the ransom. The New Bedford attack began with a ransom demand of a whopping $5.3 million. City officials made a $400,000 counteroffer, which was refused.

The New Bedford mayor and IT staff were undismayed; they decided to rebuild their IT ops from backups, and they were lucky. There were few infected systems, and none supported essential government functions. The important point, however, was that the New Bedford IT staff had an ace up their sleeve: backups.

Layering Ransomware Control Methods

Given the higher attack frequency, power, and success rates of ransomware attacks, it’s vital for IT and security teams to continue using effective anti-malware tools and methods. Although these approaches can be effective, they are not new. As is often the case in cybersecurity, the most effective solutions are known. The best that anyone can do is use the tools, tactics, and consistent enforcement that have been suggested by security experts for years.

These methods include:

User education. It’s time to start or continue educating users to recognize and avoid the techniques that ransomware distributors use. This includes teaching caution about online ads, the email links they click, the attachments they open, and the web sites they visit.

Network and security hygiene. Network-wide security hygiene measures remain effective deterrents. They include network segmentation, keeping anti-malware software at endpoints up to date, and software updates for known OS and app vulnerabilities.

Backups, the old reliable. It might be downright old-fashioned, but routine, frequent backups remain the most reliable defense against ransomware. Consistently enforced backup routines and copies of essential business data kept offsite, locally, and in the cloud are your best bets for success. With this approach, if your network is hit, you just identify the beginning of the exploit and restore systems by using clean backups generated before the attack.

Layered protection. Using several or all of these measures at once offers the most complete protection against ransomware exploits. Network-wide coverage, consistent updates of OS and app software, and heightened user awareness are what it takes to keep modern ransomware thieves out of your network.

However, you don’t have to piece together an on-premises, anti-ransomware program. Third-party protection and mitigation services combine the latest protection methods, automated scheduling and monitoring methods, and the cost-effectiveness of cloud-based support.