Why Enterprise Ransomware Attacks Are Increasing
According to various sources, ransomware appears to be seeing a triple-digit spike in corporate detections. A pair of reports released by Black Hat and Accenture mark the enormous shift away from targeting typical consumers.
As attackers chase the largest payouts, ransomware attacks are migrating from consumer targets to organizations, businesses, and municipalities. Consumer detections have also finally fallen below organizational detections, according to Malwarebytes’ Black Hat 2019 quarterly threat report. The report determined that overall ransomware detections against enterprise environments in the second quarter rose by 363 percent year-over-year; meanwhile, consumer detections slowly declined by 12 percent year-over-year.
The report also expects ransomware to keep evolving, with hybrid attacks that pair it with worm-like functionality and other malware families.
“This year we have noticed ransomware making more headlines than ever before as a resurgence in ransomware turned its sights to large, ill-prepared public and private organizations with easy-to-exploit vulnerabilities such as cities, non-profits and educational institutions,” said Adam Kujawa, director of Malwarebytes Labs, in the report published on Thursday at Black Hat 2019. “Our critical infrastructure needs to adapt and arm themselves against these threats as they continue to be targets of cybercriminals, causing great distress to all the people who depend on public services and trust these entities to protect their personal information.”
Earlier in the month, Accenture’s iDefense division discovered that MegaCortex, a form of malware seen in prior years, has been rearchitected as enterprise-focused ransomware.
“The authors of MegaCortex v2 have redesigned the ransomware to self-execute and removed the password requirement for installation; the password is now hard-coded in the binary,” states Leo Fernandes, Senior Manager of Malware Analysis and Countermeasures at Accenture. “Additionally, the authors also incorporated some anti-analysis features within the main malware module, and the functionality to stop and kill a wide range of security products and services; this task was previously manually executed as batch script files on each host.”
It also appears that ransomware will not only target local files but also attempt to reach enterprise network shares, greatly increasing its impact. “The evolution of ransomware from high volume, low return, spray and pray consumer attacks to lower volume, high value, targeted attacks against business is well documented,” stated Security Week. “The intent now is not to simply encrypt local files, but to find and encrypt network shares in order to inflict the greatest harm in the shortest time.”