Ransmomware has reached a new level of maturity and menace over the past 12 months, according to the Ransomware and Businesses 2016 report from Symantec.
Even though wide-scale, indiscriminate ransomware campaigns remain the most prevalent form of threat, new and more advanced attacks are emerging, with a growing number of gangs starting to focus on targeted attacks against large organizations.
Once cybercrime gangs see some businesses succumb to these attacks and pay the ransom, more attackers will follow suit in a bid to grab their share of the potential profits.
The Services sector, with 38 percent of organizational infections, was by far the most affected business sector, while manufacturing, with 17 percent of infections, along with Finance, Insurance and Real Estate, and Public Administration (both on 10 percent) also figured highly, the report found.
Key Findings of the Report
- The average ransom demand has more than doubled and is now $679, up from $294 at the end of 2015.
- The advent of ransomware-as-a-service (RaaS) means a larger number of cybercriminals can acquire their own ransomware, including those with relatively low levels of expertise.
- The number of new ransomware families discovered has been steadily increasing since 2011. Last year was a record high, with 100 new families discovered.
- Between January 2015 and April 2016, the US was the region most affected by ransomware, with 31 percent of global infections. Italy, Japan, the Netherlands, Germany, the UK, Canada, Belgium, India, and Australia round out the top 10. Around 43 percent of the victims of ransomware were employees in organizations.
The report also noted that over the past year, ransomware attackers have added a number of new techniques to their arsenal. Several new ransomware families have been coded in different programming languages, such as JavaScript, PHP, PowerShell, or Python. Attackers used these languages in an effort to evade detection by security products.
Internet of Things
The growth of the Internet of Things (IoT) has multiplied the range of devices that could potentially be infected with ransomware. With a growing awareness of ransomware affecting traditional computers, attackers may turn to IoT to find new, softer targets, according to the report.
The past year has seen many news outlets reporting that ransomware infected multiple hospital and medical center networks, encrypted files, and held the data to ransom.
Some of these cases were likely the result of large-scale, indiscriminate campaigns but others were undeniably targeted. The rise of these types of attacks has prompted the FBI as well as the US and Canadian governments to issue alerts to businesses about ransomware.
