Ransomware attacks show no signs of slowing


Ransomware attacks are showing no signs of letting up. In fact, recent research shows how these attacks are flourishing. The findings are based on more than 230,000 ransomware attack submissions, between April 1 and September 30, 2019, to antivirus firm Emsisoft and ransomware information site ID Ransomware.

ID Ransomware is a site that enables anyone to upload information to try to determine the strain of ransomware and the potential best steps to diminish the threat. Such information could be the ransom note, the contact information of the attacker, or an encrypted file sample. Where a means to decrypt is available, it is provided to those who submit information.

For the second and third quarter period covered, the DJVU ransomware affected the most victims, accounting for 56% or 76,000 samples submitted. This ransomware variant is commonly found on torrent sites within software key generators purportedly designed to thwart copy protection.

The next most common, but trailing far behind DJVU, with 12% of submissions, was a variant of the Dharma ransomware. The Dharma virus has been around since 2016, but Emsisoft says it appears to have undergone a resurgence during this period.

While ransomware attacks are experienced globally, the report found Asian countries were hit especially hard. Indonesia experienced just over 17% of all ransomware attacks for the period, while Korea accounted for nearly 14% and India 15%. “This may be explained by the rapid digital expansion in Indonesia and India, which has seen the number of Internet-connected users in these areas rise significantly in recent years. Sudden digital growth can cause a time lag in the adoption of effective cybersecurity measures and consequently leave users more vulnerable to ransomware. Also, Indonesia has one of the highest rates of software piracy in the world, which may further increase the risk of ransomware infection,” the report stated.

The U.S. accounted for nearly 14% of submissions, while Germany, France, Italy, and Spain combined to account for almost 1 in 5 submissions.

As long as people continue to do risky things at work or home, and are also willing to pay a ransom for their data, ransomware infections are going to flourish. While every organization is different and has to make the best decision to secure its data based on its specific circumstances, the best way to deal with ransomware attacks is by avoiding them altogether. That’s best achieved by keeping staff away from dangerous sites and pirated software, and by thwarting malicious software from launching on endpoint devices.

Of course, one can take all of the precautions possible, and some attacks will still be successful — so part of your defense should be how to deal with a successful ransomware attack where data was maliciously encrypted. This would include having known good backups.

Indeed, if victims stopped paying ransom altogether, then ransomware attacks would come to a halt; however, it’s easy to tell someone else not to pay a ransom when it’s someone else’s data that needs recovering. This is why whether or not to pay a ransom is a decision that is unique to every situation and organization. Still, for two important reasons, it’s not a decision that should be taken lightly. The first reason is that a high percentage of organizations that pay a ransom don’t get their data back, so there is a reasonable chance one can pay and still end up with useless data. The second reason is that paying the extortionists only funds extortionist operations and encourages additional ransomware attacks.

Should you find yourself dealing with a ransomware attack, always research the ransomware strain involved, look for available decryption keys, consider calling law enforcement, and turn to groups such as No More Ransom, which are dedicated to helping ransomware victims get their data back without paying the extortionists.
