New data has emerged detailing a 1200% jump in ransomware trojan detections, showing that the threat of ransomware attacks will continue to be a significant one for individuals and organisations alike.
The data comes from HP Inc, who says they’ve noted a 1200% jump in the number of Emotet Trojan detections in the third quarter of 2020, which has caused a number of analysts to reiterate the threat of ransomware in the online environment.
Emotet is a malicious piece of software – malware – that, according to a report from InfoSecurity Magazine “is often used as a loader, providing access to third-party threat groups to deploy secondary TrickBot and QakBot infections as well as human-operated ransomware.”
The report goes on to explain that “in the case of the latter threat, actors often use access to victim networks provided by Emotet to perform reconnaissance as the first stage in attacks,” for their ransomware campaigns.
HP Inc says it noted a “large and sustained increase in malicious spam campaigns,” as well as the 1200% increase in ransomware trojan detections. This increase was felt mostly in the Asia Pacific region, with Japan and Australia being hit by 32 and 20% of Emotet activity respectively.
The most common file attachment containing malicious software – malware – was word documents (.doc) as well as .exe files and other files like PDFs. The authors of the threat research reiterated the importance of “implementing an email content filtering policy to reduce the risk of compromise by encrypted attachments containing malware.”
Authors of the report note that one of the most common vectors of attack for hackers looking to implant ransomware in a system was via a ‘threat hijacking’ technique, which compromises either an individual’s or organisation’s email inbox, where hackers can view, open and reply to messages. Hackers often reply to legitimate emails with an attachment filled with malware like the Emotet trojan to launch the first phase of their ransomware attack.
HP Inc’s Senior Malware Analyst, Alex Holland has said that judging by the data, the Emotet threat will remain a significant threat for many more months to come.
“The targeting of enterprises is consistent with the objectives of Emotet’s operators, many of whom are keen to broker access to compromised systems to ransomware actors. Within underground forums and marketplaces, access brokers advertise characteristics about organisations they have breached – such as size and revenue – to appeal to buyers.”
“Ransomware operators, in particular, are becoming increasingly targeted in their approach to maximise potential payments, moving away from their usual spray-and-pray tactics. This has contributed to the rise in average ransomware payments, which has increased by 60%,” Holland said.
Ongoing Ransomware Attacks, Says HP
Authors of the report make it clear that ransomware attacks will remain a “significant threat to organisations,” as we move into the latter part of 2020 and beyond. “The average ransom payment rose by 60% to $178,254 compared to Q1 of 2020,” they say, adding that there are a number of reasons for the increase in ransomware attacks and the larger ransom being demanded by the attacker.
“First, threat actors are moving away from non targeted ransomware attacks that use pre-determined demands,” authors of the report say. “Instead, we increasingly see criminals choosing victim organisations based on their size and revenue to maximise potential payments.”
This is particularly damaging for organisations due to the fact that “many ransomware families have data breach blogs associated with them, where victim data is published if the ransom is not paid. In addition to losing access to their data, victims must also consider the reputational damage if confidential data is publicly disclosed.”
In the past week, we’ve reported on a large Australian company with links to the government and some of the world’s largest companies, Isentia, being hit by a ransomware attack that crippled its media portal system. Share prices were down more than 30% after Isentia told investors that remediating the ransomware attack could cost as much as $8.5 million, which has also potentially caused the company irreparable damage to its reputation.
To find out more about how an Information Security Management System can help keep your organisation protected and proactive about threats like ransomware detections, Click Here for your Free Gap Analysis Checklist.