Hackers attacking business systems are most likely looking for a big payout -- not trying to make a political point or steal secrets.
Attempting to extort a ransom -- either by threatening or carrying out a distributed denial of service (DDoS) attack, or by infecting PCs with ransomware -- is the most common motivation behind digital attacks, according to a survey.
Ransom attacks are a highly lucrative business for online criminals, and profit is now the primary motivation behind the majority of attacks on enterprise systems, growing from 25 percent of attacks in 2015 to 41 percent in 2016. In Europe that figure was even higher, at 49 percent, said the survey by security company Radware.
"It is faster, easier, and cheaper than ever to execute this form of extortion, which gives its victims a very short window to respond before suffering what could be a devastating disruption to systems and day-to-day operations," the report said.
Ransomware was the most common way for criminals to attempt to make money from businesses -- 39 percent said they had used it. But DDoS attacks used as part of an attempt to extort a ransom were also listed by 17 percent of companies.
While ransomware started off as a problem for unwary consumers, businesses are now being increasingly targeted by online scammers. That's because businesses promise a much bigger payday for ransomware crooks, especially if they manage to get ransomware widely distributed across a company network.
Using DDoS to extort a ransom can be extremely lucrative too: Radware said a typical ransom demand is somewhere between 10 and 200 bitcoin (about $3,600 to $70,000), and the ransom 'note' is often accompanied by a short attack to prove the hackers' capabilities.
Targets include companies that cannot afford any sort of downtime, like those in the online gambling industry, financial services, and entertainment.
Radware warned that copycats are compounding the headaches by issuing fake letters and hoping to turn quick profits with minimal effort. One way of spotting fakes, it said, is that low bitcoin ransom letters -- below 20 bitcoin -- are most likely from fake groups who are hoping their price point is low enough for someone to pay rather than seek help.
It noted: "Real hackers prove their competence by running a small attack while delivering a ransom note. If there is a change in network activity, the letter and the threat are probably genuine." Real hackers tend to attack many companies in a single sector, while fake hackers are less focused, targeting anyone and everyone in hopes of making a quick buck.
So what do cybercriminals look for when considering ransom targets? Radware said very private, risk-averse organizations may represent strong candidates for a DDoS or ransomware attack, as they are reluctant to go public on any security weakness. But those companies that are quick to send funds to make the problem go away often earn a reputation as such. That can result in new attacks from other cybercrime groups, the company warned.
Criminals are also looking for a lack of expertise. "They're more likely to focus on organizations or people lacking the resources to hire professionals; those with few or modest investments in IT security support; and those who lack knowledge of cyber-ransom techniques and how best to respond," it said.
According to the survey, seven percent of respondents keep bitcoin on hand, just in case, as part of their emergency response plan.
Increasingly it's not just sophisticated gangs that are able to launch ransom attacks. Ransomware as a service is available at low cost to those who want to run a ransomware campaign but lack the technical skills. Similarly the infrastructure needed to launch DDoS attacks -- known as stressers -- can be rented, and can generate more than $100,000 a year for their controllers.
For just $19.99 a month, a wannabe online extortionist can run 20-minute bursts for 30 days using a number of different DDoS options. One online DDoS-as-a-service supplier offers packages from $19.99 to $999.99 a month -- at the top end this would give attackers the option of launching a five-hour attack at up to 500Gbps.
Radware surveyed 598 organisations, with an average annual revenue of US $1.9 billion and about 3,000 employees.