The growing ransomware threat isn’t just about more cybercriminals using the same cryptoware tools. The tools themselves are rapidly growing more sophisticated—and more dangerous.
Ransomware growing exponentially, with no signs of slowing
A new report from InformationWeek’s Dark Reading highlights key trends in the ransomware landscape, starting with the dramatic increase in total ransomware attacks. Ransomware attacks increased by 165 percent in 2015 (Lastline Labs), and this trend isn’t letting up. Anti-spyware company Enigma Software reported a 158 percent jump in the number of ransomware samples it detected between February and March 2016—and April 2016 was the worst month on record for ransomware in the U.S.
It’s also clear that ransomware growth is independent of the overall increase in cyberattacks over the past several years. The 2016 DBIR reported that phishing attacks are more common than ever, and Proofpoint found that in the first quarter of 2016, nearly 1 in 4 (24%) of all email attacks using malicious attachments contained just one strain of ransomware (Locky).
Not just more common—ransomware growing stronger and more effective
Most alarmingly, DarkReading reports that cyberattackers are rapidly evolving and diversifying their ransomware arsenal. Ransomware has become big business, and with that cash flow comes development of more complex ransomware strains and more clever techniques for infecting targets. In an ironic twist, creators of popular ransomware such as Locky are now working to “protect” their cryptoware from enterprising copycats who create knockoff versions and variants. No honor among thieves, indeed.
Better phishing lures, more brute-force attacks
DarkReading spotlighted two examples of this increasing sophistication. On the one hand, cybercriminals are developing new, more obscure ways of luring a user to install ransomware. From personalized landing pages to actually hacking a device’s boot-up process, stopping these techniques is much more complicated than just saying, “Don’t click suspicious links.”
At the same time, attackers increasingly skip the phishing lure and go straight to brute-force attacks on internet-connected remote desktop servers. For the skilled hacker, this technique is more reliable than phishing, and immediately gets the attacker much deeper into an enterprise network, allowing them to compromise more devices and ransom more data.
“No backup, no protection”
With ransomware mutating into an even bigger threat, Dark Reading encouraged companies to go back to basics, citing data backup as the essential first step in enterprise ransomware defense. We couldn’t agree more. No matter how complex and advanced the ransomware, modern endpoint backup isn’t scared. Modern endpoint backup gives you guaranteed recovery in the face of ransomware. But its protection goes beyond backup: Modern endpoint backup sees your endpoint data, sees your users’ endpoint activities, and gives you the visibility to identify and neutralize an attack as soon as it hits.