Detections of ransomware attacks have more than doubled in the first quarter of this year alone, according to a new report from McAfee Labs, suggesting that we're on the brink of an epidemic that could spread to millions of machines.
For those unaware, a ransomware attack is one in which an attacker compromises the network or device of an organisation or individual and then holds the data hostage until a ransom is paid; hence the term ransomware.
According to the report, “ransomware attacks grew by 118%,” while “new ransomware families were detected, and threat actors used innovative techniques” to gain access to and control the captured files in order to extort the victim for payment.
ZDNET suggests that the increase in ransomware attacks on organisations and individuals alike is due to the fact that criminals are now turning to “powerful new forms of file-locking malware and additional attack techniques to conduct campaigns that are more lucrative than ever before.”
“After a periodic decrease in new families and developments at the end of 2018, the first quarter of 2019 was game on again for ransomware, with code innovations and a new, much more targeted approach,” said Christiaan Beek, lead scientist and senior principal engineer at McAfee.
“Paying ransoms supports cybercriminal businesses and perpetuates attacks. There are other options available to victims of ransomware. Decryption tools and campaign information are available through tools such as the ‘No More Ransom’ project,” Beek continued to explain.
“Most ransomware attackers no longer use mass campaigns, but, instead, try to get remote access where remote desktop protocol is the most used entry vector,” the report says. Interestingly enough, “even with all the sophisticated attack techniques being developed, attackers are still highly dependent on human interaction and social engineering.”
The report goes on to mention specific ransomware families that are now becoming more prevalent, including the Dharma ransomware, which was first discovered in 2016. McAfee says the authors of the Dharma code regularly release updates to ensure it can’t be decrypted. Also mentioned is the Ryuk ransomware, which has the ability to lock down an organisation’s entire database and demand payment in bitcoin before decrypting the files.
Ryuk was originally attributed to North Korea; however, researchers now believe it originated from a cybercrime group rather than a nation-state. GandCrab ransomware was first discovered in 2018 and gets a mention from the authors of the report, who describe it as “one of the most aggressive forms of ransomware” to date. While developers have worked overtime to release decryption tools for GandCrab, the team behind the malware is said to have profited as much as $2 billion from the malicious code.
You can access McAfee’s Quarterly Threats Report here.