Cybercriminals are turning back to ransomware attacks in their droves, with a 500% increase in attacks on enterprises since this time last year.

Data from US cybersecurity firm Malwarebytes shows how cybercriminals are returning to tricking businesses into downloading malicious software with the aim of extorting ransom payments.

Between Q4 2018 and Q1 2019 ransomware attacks increased 195%, as cybercriminals launched a massive Troldesh ransomware – also known as Shade – attack against US organisations.

And it is businesses that are the overwhelming target of cybercriminals, with a 235% increase across all attack methods compared to a year ago.

“This comes as no surprise,” said Andy Baldin, vice president EMEA at IT security firm Ivanti. “When it comes to an enterprise business, a threat actor is able steal a larger quantity of data, such as credit card information or health records, or ransom a large number of systems in order to get a higher payout.

“A consumer would not be willing to pay much to unransom their system, but a business can easily be convinced to pay £50,000 to recover a large number of systems.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In its Q1 Cybercrime Report, Malwarebytes said that other non-ransomware Trojans continue to pose a dangerous threat to businesses, with Emotet being turned away from consumers towards enterprise.

The banking Trojan, which Malwarebytes describes as “the most fearsome and dangerous threat to businesses today”, steals sensitive information and allows additional malware to be installed.

It has been prevalent for the past year and spiked in January this year. In total, the number of Emotet detections grew from 800,000 to four million year on year.

Cryptomining goes the way of the dodo

While 2017 was seen as the year of ransomware attacks – thanks to high-profile attacks such as WannaCry and NotPetya – the number of attacks declined in 2018. This was largely due to the increase in cryptojacking, which sees criminals trick users into downloading malware that hijacks their computer to mine cryptocurrencies.

However, malicious cryptomining is “essentially extinct”, according to Malwarebytes – a sharp reversal from 2018’s 4,000% increase.

Malwarebytes attributes the recent closure of Coinhive, a mining software notoriously used by malware gangs to carry out cryptojacking, as a key reason why attacks against consumers have dropped.

But it is largely the decreasing value of cryptocurrencies that has put off cybercriminals. Bitcoin, the main cryptocurrency, fell from a January 2018 high of $16,600 to $3,200 in December – making it less profitable for criminals and likely pushed them back to traditional cybercrimes such as ransomware attacks and social engineering.

However, with the Bitcoin price continuing to rally past $5,000, and some experts predicting the price to continue rising, criminals might soon be incentivised to resume cryptomining activities.

Consumer ransomware attacks fall, but no time for caution

The focus on businesses has meant that the cyber threat for consumers has fallen, declining 40% from the previous quarter and 24% year over year.

“Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40%, but that would be short-sighted,” said Adam Kujawa, director of Malwarebytes Labs.

“Consumer data is more easily available in bulk from business targets, who saw a staggering 235% increase in detections year-over-year. Cybercriminals are using increasingly clever means of attack to get even more value from targets through the use of sophisticated Trojans, adware and ransomware.”

The report comes as research suggests cybersecurity leaders are facing burnout in the face of the growing and constantly evolving threat landscape.

Cybersecurity firm Symantec and Goldsmiths University surveyed 3,000 senior cybersecurity decision makers in the UK, France and Germany and found that 65% feel they’re being set up to fail, while two thirds feel ‘paralysed’ by the volume of threats they face.

And with 41% feeling a breach is inevitable, there is greater importance on the recovery aspect of a cyberattack.

Marie Clutterbuck, CMO of independent data recovery specialist Tectrade, said:

“IT teams often prioritise stopping a breach occurring at all, but in today’s cyber climate a successful breach is inevitable.

“The most important aspect of cybersecurity is that businesses prepare for the worst and have effective data recovery and backup systems in place.”


Read more: Qbot banking malware is back – and even cybersecurity vendors are infected