Ransomware Tips Towards Enterprise Targets

Symantec's latest 2019 threat report shows a worrying rise in cyberattacks and cybercrime activity. Web attacks are up 56%, formjacking attacks are running at 4800 a month, enterprise ransomware is up 12 per cent although over ransomware attacks are down and supply chain attacks have increased by 70 per cent.


In the wake of the recent Baltimore attack, let us examine ransomware in more detail.


For the first time since 2013, Symantec observed a decrease in ransomware activity during 2018, with the overall number of ransomware infections on endpoints dropping by 20 per cent. WannaCry, copycat versions, and Petya, continued to inflate infection figures.


When these worms are stripped out from the statistics, the drop in infection numbers is steeper: a 52 per cent fall.


However, within these overall figures, there was one dramatic change. Up until 2017, consumers were the hardest hit by ransomware, accounting for the majority of infections. In 2017, the balance tipped towards enterprises, with the majority of infections occurring in businesses.


In 2018, that shift accelerated and enterprises accounted for 81 per cent of all ransomware infections. While overall ransomware infections were down, enterprise infections were up by 12 per cent in 2018.


This shift in victim profile was likely due to a decline in exploit kit activity, which was previously an important channel for ransomware delivery. During 2018, the chief ransomware distribution method was email campaigns. Enterprises tend to be more affected by email-based attacks since email remains the primary communication tool for organizations.


Alongside this, a growing number of consumers are exclusively using mobile devices, and their essential data is often backed up in the cloud. Since most major ransomware families still target Windows-based computers, the chances of consumers being exposed to ransomware is declining.


Also contributing to the decline is the fact that some cybercrime gangs are losing interest in ransomware. Symantec saw a number of groups previously involved in spreading ransomware move to delivering other malware such as banking Trojans and information stealers. However, some groups are continuing to pose a severe

threat.


In further bad news for organisations, a notable number of highly damaging targeted ransomware attacks hit in 2018, many of which were conducted by the

SamSam group. During 2018, Symantec found evidence of 67 SamSam attacks, mostly against organisations in the U.S. In tandem with SamSam, other target ransomware groups have become more active.


Additional targeted threats have also emerged. Activity involving Ryuk (Ransom.Hermes) increased significantly in late 2018. This ransomware was responsible for an attack in December where the printing and distribution of several well known US. newspapers were disrupted.


Dharma/Crysis (Ransom.Crysis) is also often used in a targeted fashion against organisations. The number of Dharma/Crysis infection attempts seen by Symantec more than tripled during 2018, from an average of 1,473 per month in 2017 to 4,900 per month in 2018. In November, two Iranian nationals were indicted in the U.S. for their alleged involvement with SamSam. It remains to be seen whether the indictment will have any impact on the group’s activity

more news

Kaspersky Highlights Information Security In Loss Figures


To budget for information security, companies need to consider factors such as average potential losses, preferably by incident type, as well as other businesses’ average, outlays on security, Says the latest security report from Kaspersky.

read more

Half Of Global Organisations Not Prepared For Cyberattacks


It is believed that more than 4,000 cyberattacks occur daily worldwide, but half of organisations across the globe admit they are not prepared for such events.

read more

Secure Your Physical Business Against Data Theft


Data theft does not just happen in cyberspace, but in the physical business environment, too. Lax physical security can allow criminals to access your computers, filing cabinets, documents left on desktops, etc. Here are some tips for you to ensure your everyday working environment is safe and secure.

read more

UK Launches Third NCSC Annual Review


Paymaster General and Minister for the Cabinet Office Oliver Dowden MP has launched the UK's National Cyber Security Centre's third Annual Review. In his presentation speech, he said: "Thank you, everyone, for joining us this morning. Cybersecurity is genuinely a massive priority for the government and it gives me great pleasure to launch the National Cyber Security Centre’s third Annual Review.

read more