© 2021 CyberNews - Latest tech news,
product reviews, and analyses.


Most malware attacks now involve ransomware – report


2021 will be remembered as the time ransomware broke mainstream. No wonder. A recent report shows that most malware these days is related to ransomware.

Ransomware attacks make up a staggering 69% of all attacks against organizations involving malware, claims a recent report by Positive Technologies.

Compared to last year, ransomware attacks grew by 30%. That shows cybercriminals are getting a lot more comfortable with the modus operandi for extortion.

According to the report, email remains the primary method of spreading malware in attacks on organizations (58%), while compromised computers, servers, and network computers (33%) trail in second place.

The report claims that threat actors are increasingly interested in attacking Unix systems, virtualization tools, and orchestrators.

Worryingly, major ransomware cartels like REvil, RansomExx (Defray), Mespinoza, GoGoogle, DarkSide, Hellokitty, and Babuk Locker are ready to attack virtual infrastructure based on VMware ESXi.

"More and more companies, including larger corporations, now use Unix-based software, and that's why attackers are turning their attention to these systems," Yana Yurakova, an information security analyst at Positive Technologies, is quoted as saying in a press release.

Operational changes

The analysis indicates a possible shift in how ransomware operators conduct their day-to-day operations. Since the attacks against Colonial Pipeline and the District of Columbia Metropolitan Police heavily increased attention on ransomware cartels, researchers think cyber gangs might be more careful about their affiliate programs.

According to the report, operators of the popular REvil ransomware introduced restrictions on the industries of targeted enterprises. After analyzing dark web forums, researchers indicated a growing sentiment among cartel members that gangs need a cool-down period to avoid further attention from the authorities.

The report's authors suggest that these changes might lead those in charge of the ransomware to shelve affiliate programs altogether, taking more control over how the software is used.

In theory, that could be accomplished by assembling teams of distributors who would supervise operators directly without an intermediary.

The Colonial Pipeline hack caused gas shortages on the American East Coast.

Year in turmoil

Attacks are increasing in scale, sophistication, and scope, the Treasury said. In 2020 ransomware payments reached over $400 million, more than four times the level in 2019.

The last 12 months were rife with major high-profile cyberattacks on network management company SolarWinds, the Colonial Pipeline's oil network, meat processing company JBS, and software firm Kaseya. Pundits talk of a ransomware gold rush, with the number of attacks increasing over 90% in the first half of 2021 alone.

Recently, a Russia-linked cyber cartel attacked a major US farm service provider, New Cooperative Inc., demanding $5.9 million in ransom.

A recent IBM report shows that an average data breach costs victims $4.24 million per incident, the highest in 17 years. For comparison, the average cost stood at $3.86 million per incident last year, putting recent results at a 10% increase.

The officials said the administration is also updating guidance on sanctions to encourage victims of ransomware attacks to share information with law enforcement.

