Ransomware now accounts for 69% of all attacks that use malware
The most common targets of ransomware in the second quarter of 2021 were governmental, medical and industrial companies along with scientific and educational institutions, says Positive Technologies.
Ransomware attacks have hit “stratospheric” levels, according to a report released Wednesday by cybersecurity firm Positive Technologies. In the second quarter of 2021, ransomware accounted for 69% of all attacks involving malware, a 30% jump from the same quarter in 2020. The most popular targets for ransomware were governmental, medical and industrial companies along with scientific and educational institutions.
The overall percentage of attacks against government agencies climbed to 20% in the second quarter from 12% in the first quarter. Ransomware distributors were involved in 73% of all of these malware-related attacks. Tomiris, a new malware loader discovered by Positive Technologies, was able to send encrypted information about a victimized computer to a server controlled by the attacker.
For the quarter, the industrial sector was involved in 80% of overall malware attacks. Citing one specific incident, Positive Technologies said it found a new type of remote administration tool (RAT) called B-JDUN, which was used to target an energy company.
But ransomware purveyors also targeted individuals, with NitroRansomware being one example. In this type of attack, the criminals deploy malware masquerading as a tool for generating free gift codes for Nitro, an add-on for Discord, a community-based chat app. After launching, the malware gathers data via the browser and then encrypts files on the user’s computer. To receive a tool to decrypt the files, the victim must buy a gift code for activating Nitro and give it to the criminals.
The volume of ransomware attacks had already been surging in April. But in early May, attacks targeted Colonial Pipeline and the police department of the District of Columbia. Such attacks revealed the boldness and audacity of today’s ransomware gangs. But they also triggered unwanted publicity, catching the attention of law enforcement agencies and eventually the U.S. government, leading to efforts to crack down on ransomware attacks.
As a result, cybercriminals have since started to change their methods, relying less on partners to carry out attacks and more closely supervising their distributors. Some have also vowed to leave alone certain industries, such as those involved in critical operations or infrastructure.
As a result of the bad publicity and law enforcement efforts, disputes have flared up on Dark Web forums questioning the nature of ransomware. Several forums have since banned posts related to ransomware partner programs. Some forum users have even said that ransomware gangs should stop what they’re doing and find a different way to make money.
Does this mean that ransomware operators will turn over a new leaf and see the error of their ways? Hardly, according to Positive Technologies.
“We think that ransomware operators responsible for high-profile attacks will find it hard to quit such a profitable business, and will instead wait for things to blow over before developing a new concept,” the firm said in its report.
With ransomware likely to remain a threat, Positive Technologies offers several tips on how organizations can protect themselves.
- Install security updates. Be sure to install security updates in a timely manner.
- Fully investigate any major attack. Conduct thorough investigations of all major incidents to discover the points of compromise and uncover any vulnerabilities exploited by the attackers. Further, make sure the hackers didn’t leave behind any backdoors that would let them return.
- Beef up perimeter security. You can strengthen security at the corporate perimeter by using modern security tools, such as web application firewalls for protecting web resources. To prevent malware infections, use sandboxes that analyze file behavior in a virtual environment as a way to find malicious activity.