
Huawei introduces its anti-ransomware solution (volume 3)

The Trends of Ransomware

Ransomware Trends to Know

Ransomware has become one of, if not the, biggest threats to the world. The rapid development of AI, big data, IoT, and blockchain technologies has accelerated the evolution of ransomware, creating a demand for more stringent data protection security standards.

Let’s look at the trends of recent ransomware attacks.

1. Targeting Critical Infrastructure

Attacks are largely centered on large enterprises and infrastructure. While previous ransomware attacks cast a wide net, 2020 sparked a new era in which professional hackers selected large enterprises and infrastructure as their targets, specifically those that possess high-value data and whose operations are closely tied to the national economy and society as a whole.

Finance, healthcare, and scientific research are all sectors often targeted by cyberattacks. Healthcare, in particular, is the worst-hit area for extortion due to its wide-ranging implications. For example, hospital systems that are forced offline not only damage the hospital's reputation, but also endanger patients' lives. This was the case at Düsseldorf University Hospital, Germany, which in September 2020 was hit by ransomware that attacked 30 servers, causing delays in treatment and even contributing to the death of a patient in the emergency room. Though this is the first reported casualty that is a direct result of a ransomware extortion, the rise of attacks on healthcare practices makes such fatalities a terrifying and inevitable reality.

Both government and large-scale infrastructure systems are the first stop for attacks due to their importance to everyday life. As the attack on the national systems of Costa Rica shows, elaborate attacks now make previously well-protected organizations potential victims, and threaten national-level government departments and services, which has direct implications for citizens.

2. Ransomware as a Service (RaaS)

Low costs, high profits, and rapid monetization have made ransomware a popular tool among cybercriminals, and in the current age of digital currencies it is harder than ever to track. This environment has given rise to more and more criminal organizations using ransomware as a business opportunity. Against this background, the Ransomware-as-a-Service (RaaS) business model was developed, giving rise to the increase in ransomware attacks we see today.

This has led to large-scale industrialization and a complete ransomware development-propagation-extortion business chain. Ransomware services are now sold through customized solutions, memberships, or subscriptions, allowing anyone to launch a ransomware attack without leaving any fingerprints (such as the tech involved), and all at a very low cost. Spreading the virus over various networks and then splitting the ransom among participants at all levels creates a clear division of labor, which lowers the entry threshold for launching and spreading ransomware attacks.

3. Double Extortion: The New Norm

Modern ransomware not only increases the risk of data breaches and encrypts data for ransom, but also steals confidential data and threatens to leak it unless a ransom is paid. This is referred to as double extortion, in that there is an added threat to the victim, and twice the likelihood that the attacker receives its money.

This method puts the victim in a tricky position: refuse to pay, and the attacker will expose sensitive data, causing reputation damage and even administrative penalties from regulatory bodies; or pay the ransom, and risk not recovering any data while continuing to suffer the threat of data leakage, or even a further ransom on top of the original amount. According to Sophos, the UK-based security company, only 8% of organizations managed to regain all their data after paying a ransom, and 29% received about half of their stolen data.

Figure 3: Two typical ransomware methods (Source: Antiy)

4. APT Attacks

An Advanced Persistent Threat (APT) is a sophisticated and sustained attack that is customized specifically to exploit a victim's vulnerabilities. Ransomware attacks, featuring greater precision and planning, are beginning to show a strong resemblance to APT attacks.

Compared with traditional attacks, an APT campaign targets high-value enterprises and organizations for extortion, and is not detected by traditional signature-based security solutions because the malicious variants change frequently. APT attackers maintain a persistent presence in the victim's system for a long time, during which they obtain as much information as possible before they strike. These cyberattacks are significantly more complex, requiring a much higher investment in time and money, usually from a group of cybercriminals. One successful attack can cause huge economic losses and reputation damage.

Figure 4: APT attack chain

Next Volume: How to Augment Your Security System
