Ransomware attacks have evolved quite a lot over the course of the past year, and have become one of the most visible threats organizations of all sizes face.
That is according to recently published research by Group-IB, which analyzed the rapidly changing threat landscape. Its findings should disturb every business owner.
Here's a quick overview:
First and foremost, ransomware attacks have become much more commonplace. The year 2019 saw a 40 percent increase over 2018, which is a clear indication that hackers around the world are increasingly seeing ransomware strains as their preferred vehicle for attacking organizations.
Second, the average size of the ransom demanded has been steadily increasing, moving from just $6,000 to a staggering $84,000. The focus on large corporations and government agencies is the driving factor behind the dramatic increase.
In terms of tactics, far and away the most common means of gaining an initial foothold on a corporate or government network is RDP (Remote Desktop Protocol). RDP serves as the point of entry for 70 to 80 percent of the attacks.
Aside from this, incident response teams report that exploit kits and spear phishing campaigns were also used regularly, though these were vastly overshadowed by RDP. The teams responding to Group-IB's information requests also noted that more advanced ransomware actors relied on advanced methods that gave them access to more valuable targets.
The methods the hackers used include:
- Compromising MSPs (Managed Service Providers)
- Exploiting unpatched vulnerabilities in applications
- Compromising supply chains
The bottom line is that no one is safe, and the price of a successful breach has increased dramatically. Worse, an increasing percentage of hackers are now demanding not one, but two ransoms from each target they hit: an initial payment to unlock encrypted files and a second payment to delete their copies of stolen files, rather than publishing them for all to see.
The best way to keep your company safe from this particular threat is to minimize your reliance on RDP and to make sure you've got a robust backup plan in place. If you haven't yet taken both steps, the time to do so is now.