Ransomware remains one of 2019’s most concerning attacks, and industry data is showing that those responsible for ransomware attacks are improving their game.
One attack that continually generates revenue for cybercriminals is ransomware. While specific attack techniques change over time, the premise is still the same: encrypt critical data and systems for ransom. And, from the what we can tell from some of the latest industry reports, ransomware is becoming a more formidable challenge.
According to Malwarebyte’s latest Cybercrime Tactics and Techniques report, ransomware detections are up 500% over this time last year. The bad guys believe in this attack vector so much, they are trying 5 times as much as last year! Cybercriminals are also changing tactics to ensure their ransomware makes its way past security defenses. According to PhishLabs’ 2019 Phishing Trends and Intelligence Report, 98% of attacks in user inboxes contained no malware, making detection of malicious content such as ransomware increasingly more difficult. The use of links and social engineering are continuing to play a role in these attacks.
And, should ransomware be successfully installed, according to Coveware’s Q1 Ransomware Marketplace Report, ransoms increased 89% from $6,733 to $12,762 between Q1 2019 and the previous quarter. It’s likely the increase in ransoms is due to the success rates cyberciminals are experiencing.
Take the recent ransomware attack experienced by the Baltimore City government. They recently faced a ransomware attack using RobinHood. The government had to shut down all systems and characterizes the remediation as a “multiweek restoration process.”
With the bad guys getting better at their craft, and ransoms rising, organizations should be proactively planning for a ransomware attack. This includes specifically generating a backup and DR plan where ransomware is the disaster. Backups of critical systems stored in the cloud (as many ransomware instances seek out to destroy backups) are necessary, as is the ability to recover in the cloud. Using the Baltimore government as the example, without cloud-based recovery, they are left shutting down operations while they work to clean up infected systems.
Those organizations desiring to avoid this kind of downtime should seek out a cloud service provider specializing in providing a tailored recovery strategy hosted in the cloud.
Ransomware looks like it’s only going to get worse. Take note of attack aftermaths like that of the city of Baltimore, and begin planning your ransomware DR strategy today.