There has been an alarming increase in ransomware attacks in 2019, according to Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky.
Speaking with MyBroadband, Yamout said that Kaspersky detected 16,017 new ransomware modifications in Q2 alone – including those belonging to eight new malware families.
This is more than double the number of new samples detected in Q2 2018, said Yamout, which stood at 7,620.
“Furthermore, Kaspersky’s most recent research has identified a new type of ransomware attack, which is actively growing in popularity,” said Yamout.
“This ransomware is targeting Network Attached Storage (NAS) and poses new risks for back-up data usually stored on such devices.”
Yamout said that Kaspersky detected and repelled encryption ransomware attacks on 229,643 Kaspersky product users during the third quarter of 2019.
How ransomware is being executed
Yamout said that ransomware is an enduring cyberthreat which targets individuals and organisations of all sizes worldwide.
He added that ransomware attacks usually comprise several stages, including:
- Delivery to a victim machine: malicious attachment in a spam letter, vulnerability exploitation or penetration in the case of a targeted attack
- Execution: encrypting of important user files
- Ransom demand
- Data decryption (optional)
“One of the most common ways to distribute ransomware is to send archives with executable scripts in emails (spam mail),” said Yamout.
“As an alternative, Microsoft Office documents with malicious macros are used as attachments. Additionally, vulnerability exploitation is another common way these attacks are carried out, where the WannaCry ransomware was proliferated by means of SMB vulnerability exploitation.”
Yamout said that cybercriminals will hone in on any weaknesses they pick up in a business’ infrastructure to initiate an attack.
“As such, to ensure protection, it is critical to invest in a security solution that offers a multi-layered protection model – making use of next-generation protection techniques and solutions that detect ransomware at both the delivery stage and execution stage of the attack.”
2020 will be even worse
Yamout said that Kaspersky expects 2020 to bring increased ransomware activity.
“These threats will grow in sophistication and attacks will become more targeted, diversifying under the influence of external factors.”
He added that Kaspersky believes ransomware will shift towards targeted threats.
“A potential twist might be that, instead of making files unrecoverable, threat actors will threaten to publish data that they have stolen from the victim company.”
Protect yourself against ransomware
Kaspersky offered the following advice to reduce the risk of ransomware infection:
- Always update your operating system to eliminate recent vulnerabilities.
- Make use of a robust security solution.
- Keep your cybersecurity solution up-to-date by always installing the latest software patches.
- Backup data regularly and keep backup drives safe or offline.
- Never pay the ransom if a device has been locked. Paying extortionate ransoms only encourages cybercriminals to continue their attacks. It is better to find a decryptor on the internet.
- Contact your local law enforcement agency and report the attack.