Lock and block: Ransomworms take over the hacking scene

IBM X-Force says that threat actors are taking up ransomware in their droves to reap the benefits of criminal activity through blackmail.
Written by Charlie Osborne, Contributing Writer

There has been a staggering drop in the cyberattacks which aim to steal files with criminals instead opting for locking and blocking systems for the purpose of blackmail.

According to IBM X-Force, there has been close to a 25 percent drop in compromised records as ransomware and worms which spread this particularly grim kind of malware take precedence in the criminal world.

The security team's annual Threat Intelligence Index suggests that in 2017, ransomware was seen as far more lucrative than stealing data in bulk and selling these dumps in the web's underbelly.

Ransomware, such as WannaCry and NotPetya, infects systems most often through phishing campaigns and malicious executables.

Once a PC is compromised, the malware then encrypts files before throwing up a landing page warning that if the victim does not pay up, they will never receive a key to decrypt their systems.

While some cybersecurity firms have developed decryption software through weaknesses in ransomware coding, the future is often bleak for victims as there is no guarantee that paying up will result in a working key.

Many, still, pay up in the hopes of retrieving lost files -- especially when infections impact core services such as hospitals.

Also: Hackers target ad networks to inject cryptocurrency mining scripts

It is estimated that the global WannaCry ransomware campaign alone cost organizations upwards of $8 billion in damages over 2017.

Record breaches, however, are still of concern. In 2017, over 2.9 records were reportedly breached, which is down from four billion in 2016.

According to IBM, human error is often at fault. In total, 70 percent of compromised records were due to misconfigurations in cloud infrastructure. This is a 424 percent increase from 2016 as a cause for compromised records.

The financial services industry was most often targeted by cybercriminals in 2016 due to the lucrative information that these establishments store which can be used to empty bank accounts, make fraudulent transactions and withdrawals, and may also be used in identity theft.

However, this area is now the third-most attacked at 17 percent, behind IT companies and manufacturing, accounting for 33 percent and 18 percent of reported attacks, respectively.

See also: AVCrypt ransomware attempts to eradicate your antivirus

"While breached records are a good indication of cybercriminal activity, it doesn't tell the full story of 2017," said Wendi Whitmore, Global Lead at IBM X-Force Incident Response and Intelligence Services (IRIS). "Last year, there was a clear focus by criminals to lock or delete data, not just steal it, through ransomware attacks."

"These attacks are not quantified by records breached, but have proven to be just as, if not more, costly to organizations than a traditional data breach," the executive added. "The ability to anticipate these attacks and be prepared will be critical as cybercriminals will continue to evolve their tactics to what proves most lucrative."

The top open-source rookies, projects in 2018

Previous and related coverage

Editorial standards