Just when we thought ransomware was passé, it’s making a strong comeback. Ransomware entered the public consciousness in late 2013 when Cryptolocker successfully leveraged digital currency to extort an estimated $27 million from victims. 2016 and 2017 were big years for ransomware, with the devastating global deployment of WannaCry, Petya, and SamSam. The evolution and proliferation of ransomware continued, and even surged, in 2019.
Cybercriminals often comb the internet for vulnerabilities, taking advantage of the cyber equivalent of the “lowest-hanging fruit.” Once in your network, hackers are incredibly efficient at cultivating new “live off the land” techniques, designed to avoid detection while penetrating deep into your corporate environment.
Threat actors look for organizations and industries that are not prepared with disaster recovery or business continuity plans. Organizations such as municipalities and hospitals, where even an hour of downtime can be catastrophic, have been hit especially hard.
Attackers also select targets that are not keen to disclose that they have been compromised; this dynamic applies specifically to Managed Security Providers (MSPs). Attackers want to put the victim in the position of having to pay quickly and quietly.
The ideal ransomware victim is:
A recently released version of MegaCortex changes passwords on infected machines and threatens to publish the ransomed data if payment isn’t made. This development is key because it undermines the tried-and-true solution for prepared organizations – data restoration from backups.
What is on the horizon? Increasingly sophisticated, targeted operations. Criminals are able to combine ransomware with other schemes like business email compromise (BEC) so they can spam the campaign out from a hijacked inbox.
Ransomware has evolved from criminal groups running the whole operation to encouraging entrepreneurial behavior: “the business of malware.” They create workflows that other people can plug into. B.Y.O.M. – bring your own malware.
At BlueVoyant, we’ve seen organizations fail because of an attack for which they were entirely unprepared. Ransomware can destroy a business, especially one without reliable backups and a disaster response plan in place.
Read more in Volume One: Trends and Future Outlook of the Ransomware Response Cycle explainer series. This series will examine the current state of ransomware, focusing primarily on the present challenges faced by victim organizations, insurance carriers, and other stakeholders in the ransomware response process. Contemporary case studies from BlueVoyant’s Cyber Forensics and Incident Response Teams will be incorporated to demonstrate the issues that deeply affect the decision-making process of response stakeholders.