Over the last five years, cyber criminals have besieged individuals and companies alike with ransomware, which is malicious software that encrypts data and attempts to extort the victim into paying money to decrypt their own data. Even worse, the use of ransomware by malicious actors is increasing: the FBI has reported that in the first three months of 2016 alone, ransomware cost individuals and companies approximately $209 million.
Cybersecurity consultants are struggling to keep pace with the constantly evolving threat, including a new trend that has significantly changed the game: the targeted, large-scale deployment of ransomware in victim environments.
Cyber criminals have changed attack techniques and have started to use perimeter vulnerabilities to gain a foothold in the environment and then deploy ransomware payloads. While the victim identification method remains opportunistic, with the attackers scanning the Internet to find vulnerable victims, what happens next is straight from the playbook of targeted threat actors. After identifying a victim, the threat actors infiltrate the victim network and perform reconnaissance on its systems. Shortly after, the attackers return and bring with them a toolset that allows for the widespread distribution of ransomware in the targeted environment.
The impact can be catastrophic, in some cases crippling the organization’s ability to function. Worse, if the organization under attack does not have a strong Disaster Recovery Plan, it could lose all of its data unless the ransom is paid. Even then, there are no guarantees that the attackers will release the data.
This paper explores a recent targeted ransomware deployment and provides lessons learned that could prevent your organization from being victimized by this latest ransomware trend.