Report: Huge Increase in Ransomware Attacks on Businesses

As ransomware attacks begin to taper off for consumers, attacks against businesses continue to surge. According to a report by Malwarebytes, there has been a 363% year-over-year increase in the first half of the year. Aside from businesses, there has also been a greater number of ransomware attacks targeting different public sectors and local governments since the start of 2019.

Based on our 2019 ransomware report, the total number of ransomware detections between January and April of this year is 40,916,812. This is comparatively smaller compared to 2016’s numbers — a whopping 1,078,091,703. However, when compared to 2018’s numbers, which come up to 55,470,005, 2019’s total so far is only about 15,000 detections away from reaching the total ransomware detections for the whole of 2018. This shows that this year, ransomware activity is on the uptick.

According to the Malwarebytes report, ransomware authors’ significant shift of attention to businesses is due to their search for a higher return on investment. This year, a variety of ransomware families obtained bigger ransom payout amounts, such as Ryuk, which targeted logistics and technology companies as well as small municipalities.  

Aside from more focused targets, ransomware continues to become more insidious. We have recently reported a string of ransomware incidents, including ENTSCRYPT or GermanWiper, a fileless ransomware variant and wiper that makes file retrieval from an infected machine impossible.

Though phishing remains to be ransomware’s main distribution channel, it seems that cybercriminals are leveling up ransomware’s deployment. They try to gain access to the local networks of large businesses and spread their payload laterally. This tactic was employed by the LockerGoga ransomware, which affected industrial and manufacturing firms. Meanwhile, the US$2 billion-dollar-earning GandCrab ransomware compromises an enterprise host to gain access to the domain controller.

Defending against ransomware

It is important for organizations to implement the following security best practices to help combat the threat posed by ransomware to their operations:

  • Businesses should update their software to the newest version as soon as possible to help prevent abuse of unpatched vulnerabilities in older iterations.
  • All users should ensure that their data is consistently being backed up — preferably using the 3-2-1 rule that involves creating at least three copies of the data in two different storage formats with at least one copy located offsite. This ensures that data remains accessible even if ransomware succeeds in infecting the machine where it is stored.
  • Users should be wary of suspicious emails as these can be attempts to deliver ransomware or steal user credentials that will be used for future attacks. Links contained within an email should not be clicked and attachments should not be downloaded unless the recipient is certain that these came from a legitimate source.
  • The use of system administration tools should be restricted to IT personnel or employees who need access.

Organizations that want to strengthen their overall security posture can consider looking into managed security services such as Trend Micro™ Managed Detection and Response (MDR), which is ideal for businesses that lack the manpower for dedicated security teams. MDR relies on Trend Micro’s wealth of experience in the security industry and expertise at using both internal and external threat intelligence resources in order to spot threats before they can damage an organization’s system and endpoints. MDR is also able to maximize advanced endpoint detection and response (EDR) tools to swiftly and accurately analyze threats and their behaviors. These include advanced security solutions from the Trend Micro suite such as the Deep Discovery™ Inspector solution, which allows for the detection of a threat’s lateral movement within the organization.

HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Opublikowany w Threat Landscape, Ransomware