
Ransomware in 2020: More targeted, sophisticated, and costly

by ethhack

Ransomware attacks have matured over the years, adopting more stealthy and sophisticated techniques, while at the same time fixing many of the implementation errors that earlier iterations had. Moreover, some attacks are now gaining a new data leak component, which exposes companies to more than the traditional data loss associated with ransomware.

The trends observed over the past year indicate that these attacks are not going away and are likely to increase in frequency.

Shifting targets

Ransomware started out as a consumer threat, representing an aggressive evolution over the scareware attacks that used to trick people into paying fake fines or buying rogue software to fix non-existent issues. While the early campaigns proved profitable for cybercriminal gangs, the consumer ransomware landscape became crowded. As consumer antivirus firms improved their ransomware detection capabilities, casting a wide net to gain as many victims as possible became a less effective technique.

In a report released in August 2019 that looked at the ransomware evolution between Q2 2018 and Q2 2019, security firm Malwarebytes noted that “this once dangerous but recently dormant threat has come back to life in a big way, switching from mass consumer campaigns to highly targeted, artisanal attacks on businesses.”

Over the analyzed period, the number of ransomware detections in business environments rose by 365%, while consumer detections declined. That trend continued for the rest of the year, according to Adam Kujawa, director of Malwarebytes Labs. “We’re seeing an overall focus on businesses and an increase in all kinds of infection methods,” he tells CSO. “A big part of that is that it’s easier today to infect a business than it was a few years ago and the EternalBlue and other exploits certainly had something to do with that.”

EternalBlue is an exploit for a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. The vulnerability affected all versions of Windows and was patched in March 2017. EternalBlue was the primary method that WannaCry, NotPetya and other ransomware worms used to propagate through corporate networks, crippling many organizations worldwide during 2017.
