Ransomware Tips Towards Enterprise Targets

Symantec's latest 2019 threat report shows a worrying rise in cyberattacks and cybercrime activity. Web attacks are up 56%, formjacking attacks are running at 4800 a month, enterprise ransomware is up 12 per cent although over ransomware attacks are down and supply chain attacks have increased by 70 per cent.

In the wake of the recent Baltimore attack, let us examine ransomware in more detail.

For the first time since 2013, Symantec observed a decrease in ransomware activity during 2018, with the overall number of ransomware infections on endpoints dropping by 20 per cent. WannaCry, copycat versions, and Petya, continued to inflate infection figures.

When these worms are stripped out from the statistics, the drop in infection numbers is steeper: a 52 per cent fall.

However, within these overall figures, there was one dramatic change. Up until 2017, consumers were the hardest hit by ransomware, accounting for the majority of infections. In 2017, the balance tipped towards enterprises, with the majority of infections occurring in businesses.

In 2018, that shift accelerated and enterprises accounted for 81 per cent of all ransomware infections. While overall ransomware infections were down, enterprise infections were up by 12 per cent in 2018.

This shift in victim profile was likely due to a decline in exploit kit activity, which was previously an important channel for ransomware delivery. During 2018, the chief ransomware distribution method was email campaigns. Enterprises tend to be more affected by email-based attacks since email remains the primary communication tool for organizations.

Alongside this, a growing number of consumers are exclusively using mobile devices, and their essential data is often backed up in the cloud. Since most major ransomware families still target Windows-based computers, the chances of consumers being exposed to ransomware is declining.

Also contributing to the decline is the fact that some cybercrime gangs are losing interest in ransomware. Symantec saw a number of groups previously involved in spreading ransomware move to delivering other malware such as banking Trojans and information stealers. However, some groups are continuing to pose a severe


In further bad news for organisations, a notable number of highly damaging targeted ransomware attacks hit in 2018, many of which were conducted by the

SamSam group. During 2018, Symantec found evidence of 67 SamSam attacks, mostly against organisations in the U.S. In tandem with SamSam, other target ransomware groups have become more active.

Additional targeted threats have also emerged. Activity involving Ryuk (Ransom.Hermes) increased significantly in late 2018. This ransomware was responsible for an attack in December where the printing and distribution of several well known US. newspapers were disrupted.

Dharma/Crysis (Ransom.Crysis) is also often used in a targeted fashion against organisations. The number of Dharma/Crysis infection attempts seen by Symantec more than tripled during 2018, from an average of 1,473 per month in 2017 to 4,900 per month in 2018. In November, two Iranian nationals were indicted in the U.S. for their alleged involvement with SamSam. It remains to be seen whether the indictment will have any impact on the group’s activity

more news

Cyberattacks: Preparing For The Inevitable

It is generally accepted that it is when, not if, large organisations will be the target of malicious cyberattacks. The importance of being prepared has been laid out in a blog post Sweat In Peace, Don't Bleed In War, written by Meredydd Hughes, a former UK chief constable with substantial crisis management experience.

read more

Varonis Blog Highlights 110 Cybersecurity Statistics

Cybersecurity company Varonis has issued its predictions for the forthcoming year with a blog post entitled 110 Cybersecurity Statics For 2020. The blog states that cybersecurity issues are becoming a day-to-day struggle for businesses. Recent trends and cybersecurity statistics reveal a huge increase in hacked and breached data from sources that are increasingly common in the workplace, like mobile and IoT devices.

read more

UK To Go On The Cyber Offensive

The UK Government is about to launch a new proactive and offensive cybersecurity team that will wage cyberwarfare against hostile nation-states and online crime organisations. It would be naive to believe that the UK has not launched cyberattacks against third parties, but the killing of Qassem Soleimani has brought this out into the open.

read more

Are You Ready For Iranian Revenge Cyberattacks?

Following the killing of Qassem Suleimani no-one can be sure of what military action Iran will take, but experts agree that its cyberattacks will increase against countries and governments it sees as hostile.

read more