In the last few years, major ransomware attacks such as WannaCry, NotPetya and CryptoLocker have made global headlines thanks to their huge scale, extensive disruption and sensitive targets. Meanwhile, stories about Dropbox and Android ransomware susceptibility continue to emerge at worrying rates. And while ransomware threats appear to be lurking around every corner, they’re also evolving to become even more destructive.
Ransomware has historically been an opportunistic exploit, with criminals unleashing attacks on hundreds of thousands of users. But the method of choice – mass infection – often doesn’t result in the large bounty a cybercriminal desires. Typically, only a fraction of ransoms are paid. As such, the time and effort that goes into managing large amounts of users (from handling incoming ransoms to decryption and communications) is disproportionate versus the gain. This rather inefficient method has unfortunately got cybercriminals thinking.
Unsavoury and illegal as it is, ransomware is big business for those profiting from its takings. So, why would a cybercriminal settle for less when they can strategise a smarter and effective way to extort even more cash? The quick answer? They won’t.
The latest ransomware attacks are rejecting the use of web panels and instead, opting to infect systems via email. This method goes hand in hand with whaling – the form of phishing which targets high-value individuals within companies – and allows for extremely targeted attacks with greater potential gain, but on a more manageable and discreet scale.
Ransomware via whaling may cleverly imitate a senior staff member over email and use this guise to make a request that ultimately causes systems to be infected. By taking this approach, cybercriminals can drastically cut down on resources by targeting a select few businesses, yet still make more money. Ransoms as high as £4.7m have been paid out following attacks executed through email.
Should organisations have effective, tried-and-tested disaster recovery plans in place, complete and incremental backups ready to launch, patch management and robust cybersecurity practices, today’s ransomware attacks can be contained and even intercepted immediately, if colleagues are trained on whaling identification.
However, this is too often not the case and cybercriminals know it. With their refined tactics, ransomware attackers will seek out vulnerable businesses as a priority. Therefore, it’s imperative that whatever your size, and regardless of how much sensitive data you store, IT investment is channelled toward inclusive cybersecurity. With the new wave of attacker all about getting more bang for their buck as quickly as possible, there’s nothing to say you’re not a tempting target.
For help with cybersecurity, contact the K3 Cloud, Hosted and Managed Services team 0844 579 0800.