Mischa Ransomware Screenshot

Changing ransomware tactics

We’ve all seen the explosion of ransomware that hit last year. Huge payouts such as the $17,000 from Hollywood Presbyterian Medical Center to regain control of critical medical devices and information were big headlines in 2016.  What can we expect this year? Well, targeted ransomware, higher payouts, and advanced delivery methods.

1.  Targeted Ransomware

So far, ransomware attacks have been mostly of the ‘spray and pray’ variety (to borrow from military vernacular) where the attacker sends malicious emails to anyone who could receive them. Ransom amounts were set at a single level across the board. There were a few varieties that set file-level ransoms based on the filename, but this was rudimentary at best. This year, expect these attacks to be more targeted at organizations that are known to have a heavy dependence on the information and bad cyber hygiene where they will have to pay up to stay in business. So far, the top contender for this dubious honor is the health care industry.

2.  Higher Payouts

Most ransomware from 2016 (and earlier) has been pretty standard in payout demands. The amounts are usually around 1 Bitcoin (around $400-$600 dollars for most of 2016). As the attacks become more targeted at businesses that can and must pay, expect the ransom values to increase greatly. We’ve seen a little of this already, but the untargeted distribution methods meant that too high a ransom couldn’t be paid by most. Unless these targeted businesses improve their cyber hygiene, they will be paying the price in either Bitcoin or lost productivity and revenue.

3.  Advanced Delivery Methods

Most ransomware has been distributed through email. As attackers begin targeting specific companies and organizations, look for that to change. Emailed ransomware depends on the recipient’s curiosity and trust to complete the attack. A trained workforce has a better chance of recognizing that ransomware and preventing the attack. If the attacker can target the ransomware through other means, such as unpatched flaws in software or unsecured configurations, that removes the need for user error.

How can you protect yourself?

  1. Patch your computer systems regularly
  2. Have your cyber security risk assessed regularly
  3. Implement a solid backup strategy
  4. Regularly train your users to detect and prevent ransomware

What would you do if your company was hit with ransomware? Contact us to learn more about how to protect yourself.