Ransomware is one of the fastest growing and most destructive cyber threats today.
Cybersecurity researchers largely agree that the growth of ransomware has been astronomical; the only question is how much. A recent report by Positive Technologies found that 69% of all malware attacks now involve ransomware, and given the amount of money involved, it’s easy to see why malicious actors are avoiding less lucrative methods of cyberattack.
Given how high-profile ransomware attacks have become, you might be wondering if you, too, could be a target. There are some risk factors that make some businesses more likely to be attacked by cyber criminals, and we’ll get into that in a moment, but first it’s worth noting that the defense against ransomware is largely under your control.
You still need to get the basics right, such as employee cybersecurity training and patching; these two areas alone could greatly reduce the risk. Then you will want to additionally protect your most important data with zero trust access tools and highly integrated data backups. When you’ve done all of that, congratulations. Then consider setting up a ransomware recovery service, because ransomware attacks are exactly the damaging business nightmare they appear to be.
Attacks over the past two years have affected many companies of all sizes, locations and industries. Still, some trends have emerged that show what factors ransomware groups look for when deciding on a target – and what attack vectors and vulnerabilities they are exploiting. Knowing these will help you better understand if you are at a higher risk than others and require further security measures.
Here are seven things today’s ransomware attackers look for in a target, along with a look at some commonly targeted vulnerabilities.
1. Valuable data
The most important factor for ransomware attackers is the value of a company’s data. If attackers can steal or encrypt highly sensitive information, their victims may be more willing to pay a higher ransom. Even if they don’t get a ransom, more sensitive data fetches a higher price from Dark Web buyers.
You can see this preference in the types of organizations that ransomware attacks have targeted recently. Professional services, healthcare, and education were the top ransomware targets in 2020, with attacks on healthcare increasing 75% in October alone, according to Kroll. These industries all deal with sensitive data like financial information or personal identifiers, which makes them ideal targets.
Some ransomware groups have pledged not to target health or educational institutions, but the trends tell a different story. In the end, those with the most to lose are the most tempting targets.
2. Lack of security infrastructure
Unsurprisingly, ransomware attackers also prefer targets that lack adequate cybersecurity measures. Small and medium-sized businesses account for half or more of ransomware attacks. These companies are less likely to have as much security as larger companies, making them easier targets.
This trend could intensify as ransomware-as-a-service (RaaS) grows in popularity. A growing number of ransomware groups have started franchising their tools so that virtually anyone can carry out ransomware attacks for a fee. The increasing use of RaaS means more inexperienced cybercriminals could participate in these attacks, and these newer attackers will likely prefer simpler targets.
Companies in industries that are new to cybersecurity, such as manufacturing or logistics, can fall victim to this trend. Ransomware attackers may prefer these organizations because they are less likely to have sufficient infrastructure to stop them.
One recent Twitter thread examined the vulnerabilities most frequently exploited by ransomware groups and found that vulnerabilities in 18 products were most attacked (picture below). Since many of these are known vulnerabilities, patching remains a major problem.
3. Money for a ransom
Cybercriminals also typically look for targets that can pay a higher ransom. Because of this, the entertainment industry, often busy with multi-million dollar projects, experienced the second highest number of cyberattacks in 2019, according to Verizon’s 2019 Data Breach and Investigation Report. A successful ransomware attack on wealthier businesses can result in a higher payday for the attackers, which attracts their attention.
At first glance, this number seems to counter the trend that attackers are targeting small and medium-sized businesses. But even a medium-sized company can offer a significant amount of money to an individual or a small group. It’s also important to note that while SMEs are the most common targets, it doesn’t necessarily mean new businesses are.
If your business has at least a few million dollars in annual sales, you could be a target. In general, the more profitable your business, the more attractive a target you are.
4. Damage potential
Financial rationale isn’t the only driving force behind ransomware attacks. Some cybercriminals try to wreak as much destruction as possible, especially in government-sponsored cyberattacks. Whether to make a statement or for a feeling of power, some ransomware attackers look for targets with the highest damage potential.
Supply chain companies are among the most vulnerable organizations. Take, for example, the SolarWinds attack, which affected more than 18,000 customers by targeting a single system, or the Kaseya attack, which put thousands of the company’s customers at risk. If you have information from multiple customers or are connecting to many other companies’ software, you might be an ideal target.
Software-as-a-Service (SaaS) providers are therefore, in a sense, ideal targets. If you offer IT services to multiple other companies, a ransomware attack on you can wreak havoc on all of them. This potential could attract attackers.
And critical infrastructure remains a tempting target for those looking to cause harm. Colonial Pipeline has shown how effective such attacks can be.
5. Remote workers
In the midst of the COVID-19 pandemic, many companies have embraced remote work. Data shows that these same businesses may be at increased risk of a ransomware attack. The software that you use to collaborate with remote workers can have vulnerabilities that ransomware attackers want to exploit.
Remote Desktop Protocol (RDP), which remote workers may use more than others, is a favorite of ransomware groups. In one study, cyber criminals exploited RDP vulnerabilities in 47% of all ransomware attacks, more than any other category.
Virtual private networks (VPNs) are another common target. While these tools can protect you by encrypting your internet traffic, unpatched vulnerabilities or outdated versions can make them entry points for cybercriminals. If your company uses these or similar remote collaboration tools, you could be at risk.
Zero Trust is a way to protect home and remote workers. And corporate firewall makers Fortinet and Palo Alto Networks unveiled secure routers last week aimed at home workers and small office workers.
6. Sociopolitical motivations
The vast majority of cyberattacks are financially motivated, but not all. As these attacks have risen in the news, more and more groups have begun to use cybercrime to make a statement. As this trend increases, more victims may be government agencies, critical infrastructures, and organizations with controversial socio-political ties.
Security experts have noted that a new wave of hacktivism, or hacking to advance a political point of view, has emerged recently. Any company involved in controversy could also fall victim to a ransomware attack.
While you cannot always predict the public’s reaction to your decisions, some industries are more likely to be affected by these attacks than others. Those with close government ties are the most obvious target, and companies that are deeply concerned with safety or the environment can also be at risk.
7. Geographical location
Interestingly, recent research shows that ransomware attacks are often concentrated in specific geographic areas. In active Dark Web ransomware threads in July 2021, KELA researchers found that more than 40% of threat actors named the US as the desired location for victims. Canada and Australia followed with around 37% each.
This geographic concentration is likely due to the concentration of richer or more prominent companies. Political motives could also play a role. Certain locations, such as states or cities, may follow similar lines, with the largest and most affluent areas experiencing more attacks.
If your business is based in these areas, you may be at greater risk for ransomware than others. This factor is probably less influential than data value and security infrastructure, but it’s worth mentioning nonetheless.
Understand the motivations of ransomware attackers
Cybercriminals don’t act randomly. Ransomware attacks are motivated, and understanding these drivers can tell you what level of risk you are at.
No matter how vulnerable you are, protecting yourself from ransomware is of vital importance. However, if you fall into one of these categories, then you should consider more comprehensive anti-ransomware measures.