- Security TWENTY
- Women in Security Awards
In 2017, more than a quarter, 26.2 per cent of business users were targeted by ransomware, compared to 22.6 per cent in 2016. This is due in part to three unprecedented attacks targeting corporate networks that changed forever the landscape for this increasingly virulent threat, according to a cyber-security product company.
Kaspersky Lab says that 2017 will be remembered as the year the ransomware threat suddenly and spectacularly evolved with advanced threat actors targeting businesses the world over with a series of destructive worm-powered attacks whose ultimate goal remains a mystery. Was the true purpose of the WannaCry attack ransomware gone wrong or a deliberate destructive attack disguised as ransomware? The attacks included WannaCry on May 12, ExPetr on June 27, and BadRabbit in late October. They all used exploits designed to compromise corporate networks. Businesses were also targeted by other ransomware and the company prevented ransomware infections on over 240,000 corporate users overall.
The WannaCry attack was industry-agnostic, and victims were mainly organizations with networked systems. The ransomware also hit embedded systems. These often run on legacy OS and are therefore particularly vulnerable. Victims received a ransom demand to be paid in bitcoins.
Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab, said: “The headline attacks of 2017 are an extreme example of growing criminal interest in corporate targets. We spotted this trend in 2016, it has accelerated throughout 2017, and shows no signs of slowing down. Business victims are remarkably vulnerable, can be charged a higher ransom than individuals and are often willing to pay up to keep the business operational. New business-focused infection vectors, such as through remote desktop systems are not surprisingly also on the rise.”
The No More Ransom initiative, launched in July 2016 offers free decryption tools for some ransomware variants and advice, the cyber firm adds. The project brings together law enforcers and cyber-security vendors to disrupt the big ransomware families, seeking to help individuals to get their data back and undermining the criminals’ lucrative business model.