Ransomware attacks are getting more ambitious as crooks target shared files

Cybercriminals have learned they can get bigger pay days by going after bigger targets.
Written by Danny Palmer, Senior Writer

Ransomware attacks are increasingly targeting cloud, datacentre and enterprise infrastructure to ensure more effective – and more lucrative – attacks against organizations.

Criminals now aim not just to encrypt files on PCs and servers but to lock down entire network environments, preventing organizations from recovering backup data and leaving victims with no choice but to pay.

The warning about ransomware attacks against shared network files and cloud services comes in the 2019 Spotlight Report on Ransomware paper from cybersecurity company Vectra, which has tracked a rise in network file encryption attacks during 2019.

"Because the goal in a ransomware attack is to propagate as wide and as quickly as possible, it is desirable for file encryption to occur beyond the local files. When the infected computer has access to documents in network share volumes – with their high-capacity data storage – that single host can lock access to documents across several departments in a targeted organization," it notes.

In North America, the education sector and the finance and insurance industry are the most common victims of these attacks, each accounting for just over one-third of incidents. Government, manufacturing, healthcare, retail and energy organizations have also fallen victim to attacks in the first half of 2019.

For Europe and the Middle East, finance and insurance is the biggest target, accounting for a third of network file encryption attacks, with healthcare and energy accounting for just under one in five incidents each. Manufacturing and services are also common targets in the region.

Finance is the top victim in both regions and the top target for cybercriminals. It's an obvious target for attacks: the industry carries a lot of valuable and confidential data about customers and financial markets. Customers need access to their finances to live their day-to-day lives, and banks can afford to pay large ransoms.

"Banks have money, lots of it – and usually belonging to other people. Downtime at a bank means people lose access to their money, which is expensive. That means a bank is more likely to pay a ransom to get back encrypted data," Chris Morales, head of security analytics at Vectra, told ZDNet.

"The reason we hear less about it is because government organizations are obligated to report every attack to the public and private firms are not, especially when data loss did not occur," said Morales.

But despite a rise in ransomware attacks against cloud and network services – which in some cases see attackers make off with hundreds of thousands of dollars – organizations can prevent themselves from becoming the next victim.

"It is hard to stop, but it can be defeated. There are many precursor signs to a ransomware attack that can be detected and responded to, before a ransomware attack succeeds," said Morales.

"Continuous monitoring for network behaviors to proactively detect and respond to attacks does give an organization an opportunity to save themselves from the loss of data," he added.

Organizations can also go a long way to avoid falling victim to a ransomware attack by ensuring that systems that don't need to be facing the open internet aren't remotely accessible, and by applying security updates to prevent malware taking advantage of vulnerabilities.

Businesses should also keep regularly updated offline backups of their data, so if the worst does happen, the systems can be restored without giving in to the demands of cyber criminals.

