SecurityBrief Australia logo
Story image

Targeted ransomware attacks on the rise, Kaspersky finds

Ransomware attacks on high profile victims has grown nearly eightfold from 2019 to 2020, according to new research from Kaspersky.

From 2019 to 2020, the number of Kaspersky users encountering targeted ransomware, (that is, malware used to extort money from high-profile targets, such as corporations, government agencies, and municipal organisations) increased by 767%.

This increase in targeted ransomware occurred alongside a 29% decrease in the overall number of users affected by any kind of ransomware, with WannaCry still the most frequently encountered family.

The ransomware threat, when attackers encrypt private information and hold it ransom, became mainstream news in the 2010s following large-scale outbreaks, such as WannaCry and Cryptolocker.

They targeted tens of thousands of users and often requested relatively small amounts from victims to have their files returned.

Over the years, these campaigns have been on the decline. In fact, from 2019 to 2020, the total number of users that encountered ransomware across all platforms declined from 1,537,465 to 1,091,454, - a decrease of 29%.

Alongside this decline, however, there has been a rise in targeted ransomware, Kaspersky finds.

Targeted ransomware attacks are often aimed at high-profile targets, such as corporations, government and municipal agencies, and healthcare organisations.

The attacks involve significantly more sophistication (network compromise, reconnaissance and persistence, or lateral movement) and a much larger payout.

From 2019 to 2020, the number of users encountering targeted ransomware increased by around 767%.

Some of the most prolific targeted ransomware families during this time were Maze, the infamous group involved in several high-profile incidents, and RagnarLocker, also covered in the news.

Both of these families began the trend of exfiltrating data in addition to encrypting it and threatening to make the confidential information public if the victims refused to pay.

WastedLocker also made front-page headlines with similar incidents.

In many of these cases, the malware is specifically designed to infect each individual target.

Despite the rise in targeted ransomware, the ransomware family most frequently encountered by users is still WannaCry, the ransomware Trojan that first appeared in 2017 and led to damages of at least $4 billion across 150 countries, Kaspersky finds.

Nearly 22% of the users that encountered ransomware in 2019 encountered WannaCry. This decreased to 16% in 2020.

Kaspersky security expert Fedor Sinitsyn says, “The ransomware landscape has fundamentally changed since it first became big news in the security community.

"We’ll most likely see fewer and fewer widespread campaigns targeting everyday users. Of course, that’s not to say users aren’t still vulnerable.

"However, the primary focus will likely continue to be on companies and large organisations, and that means ransomware attacks will continue to become more sophisticated and more destructive.

"It’s imperative that businesses adopt a holistic, comprehensive set of security practices to protect their data.”

Story image
Phishing, monetary gain and supply chain attacks characterise cybercrime
"Cyber criminals leveraged phishing, ransomware and supply chain vector attacks to strike networks for financial gain. We believe that these network security trends will continue in 2021."More
Story image
Fortinet looks to reduces cyber skills gap with Training Advancement Agenda
“Fortinet is committed to solving today’s biggest cyber challenges, including addressing the talent shortage the industry faces, as both a technology company and learning organisation."More
Story image
Entrust launches PKI as-a-Service to better secure cloud apps
The next generation of its high-assurance PKI, Entrust PKIaaS, is designed to be secure, quick to deploy, scale on-demand, and run in the cloud.More
Story image
New research reveals customer behaviour around fraud risks
"Timeliness is key, you must get the alert in front of people at the exact moment they are at risk of fraud. Without this, banks will continue to spend huge amounts of money on fraud prevention messaging that will never have an impact."More
Story image
Snowflake completes IRAP assessment, looks to enable Aus Govt
“The completion of the IRAP assessment now allows Snowflake to work with all Australian Government agencies since many departments require the protected status to have been reached."More
Story image
Kaspersky launches new course to defend users against doxing
"Knowing the threats that are out there makes it easier to take measures to avoid them, and one such threat is doxing - the act of gathering and revealing identifying information about someone online against their will."More