Ransomware is a quick and easy method for cyber criminals to make money. Hackers extort vulnerable individuals or corporations by encrypting important files and demanding payment in return for decryption. It’s a tried and tested form of malware with hundreds, possibly thousands, of variants.
Unfortunately, as cyber security advances to meet this threat, cyber criminals are also upping the sophistication of their ransomware campaigns. The cycle is ongoing and new trends and malware variants are cropping up all the time.
Global data recovery firm Proven Data provides ransomware assistance, data recovery and digital forensic services to companies worldwide. It works with insurers, brokers and individual companies to minimize downtime after cyber incidents and restore business functionality as quickly as possible. Since 2011, the firm has built up a catalogue of intelligence around the world’s various malware strains, and it’s always keeping on top of the trends.
“In the past, hackers used to prefer hands-on-keyboard RDP brute-force attacks where they would enter a system, locate back-ups, encrypt with a variant of ransomware and then leave. The attacks were relatively simple and straightforward,” said Linda Hamilton, client operation manager at Proven Data. “That’s not the case anymore. We’re seeing more and more hackers moving laterally within systems. They’re getting smarter, turning off anti-virus systems, and creating domain controller accounts to gain complete access to systems. They’re generally doing a lot more damage than they used to.”
Ransomware attacks are becoming a lot more targeted. Manufacturers, hospitals, government agencies and schools are particularly susceptible to an attack, especially if they hold sensitive personal information that hackers can exploit to demand more money.
“Hackers are specifically targeting larger organizations because they’re able to demand a higher ransom fee,” said Mark Congionti, president of operations, Proven Data. “They’re also tending to target countries where they think they can extort more money, so places like the US, the UK and Canada where there are higher costs of living, higher wages and so on.
“From our forensic reports, we’re able to identify the IP addresses of bad actors. We’re seeing a lot of ransomware variants coming out of Russia, Ukraine, North Korea, China and India. The variants coming out of those countries are not targeting those countries because hackers are trying to avoid prosecution.”
Cyber risk managers worldwide agree that people are a weak link when it comes to a corporation’s exposure to malware – and hackers are keen to exploit the people problem. Malicious actors are installing software that can hijack the email address book of a company and are then spamming those email addresses with clever phishing campaigns. As trends go, this is something that’s likely to continue, according to Victor Congionti, CEO of Proven Data.
“Ransomware is only going to become more sophisticated,” he told Insurance Business. “We expect hackers to start using machine learning and artificial intelligence to develop ransomware variants that evade anti-virus with ease. At Proven Data, we keep a clear record of all the malware threats and variants we’ve ever seen. We gather digital forensics on each case and build up a vast catalogue of intelligence to help us protect clients from threats we’ve seen in the past and best prepare ourselves for new and emerging exposures.”