Malware Trends Expose Data Protection Vulnerabilities

By VaultTek | July 1, 2022

Ransomware is a Lucrative Business for Cybercriminals

Cybercriminals are individuals or groups that use internet technology to target digital systems for malicious purposes and are often driven by the desire for money.  These delinquents thrive in the anonymity that the internet provides while aggressively seeking high monetary returns for their nefarious activities.  Unfortunately for most of us, the popularity and profitability of cybercrimes have propelled this activity into a growing business model for criminals.  Ransomware in particular has evolved into a sophisticated category of cybercrime that has become more demanding in its tactics and more diversified in its targets.  Early ransomware attacks left victims with locked computer screens and restricted access to their systems.  Newer varieties are designed to encrypt the files on a computer and can spread the malware across a network for greater impact.  In either scenario, the victim is left weighing the option of whether to pay the criminal demands or lose their data.  For additional motivation, criminals are using count-down timers to force victims into taking quick action, threatening to increase the ransom if the time demand is not met.  Some ransomware operators go even further and use extortion and coercion to target bigger organizations that have deep pockets and can produce higher payouts.  For these victims, the threat of losing data is compounded by the threat of having sensitive data leaked or sold on the internet.

Because criminals believe that the ransomware business is so profitable, some forms of ransomware are now sold as a service (RaaS), or sold as a do-it-yourself kit, and there are even open source (free) forms of ransomware available.  Ransomware development is so prevalent that there is undoubtedly a variant for every criminal budget.  As long as it remains a lucrative business, cybercriminals will continue to plan and execute ransomware attacks.

How Cybercriminals Target Victims

Ransomware developers and operators utilize many different methods and vectors for delivering the damaging malware to its victims.  However, cybercriminals will almost always pursue the weakest link for the greatest gain.  Social engineering tactics are employed to deceive and manipulate victims by attempting to influence online behavior.  The crooks know that 95% of security breaches are caused by human error (https://cybintsolutions.com), which is why phishing is the method most often used by cybercriminals to exploit a system. 

Phishing techniques are easy to execute and can produce the results cybercriminals are looking for with very little effort, which is why researchers report that 1.5 million new phishing sites are created every month.  The goal is to trick the user into revealing sensitive information or taking an action that appears legitimate.  Criminals target victims by sending fake emails, text messages and advertisements disguised as trustworthy.  These are designed to attract a user’s attention with the goal of motivating that person to open a malicious file attachment or click on a hyperlink that will have devastating consequences.  More sophisticated methods of delivery target security weaknesses on computers, in operating systems, and across networks.  Mobile computing in particular presents unique security concerns and is a vulnerability that is challenging to address, especially with a rapidly growing remote workforce.  The remote workforce has led to security breaches in 20% of organizations (https://malwarebytes.com), and is therefore an easy target for criminal offenders. 

Studies of business continuity practices during the Covid-19 pandemic revealed important areas of weakness that heightened exposure to ransomware attacks.  Businesses were generally not prepared for widespread or prolonged absenteeism, which quickly disrupted normal operations.  Remote working policies and procedures were not well-defined or may not have even existed.  Moreover, as businesses were having to rely more on the use of remote technologies (Zoom, Teams, etc.), the training on these technologies may have been insufficient.  In addition, security measures for conducting business remotely were often not widely tested and enforced.  This combination of vulnerabilities was a recipe for disaster, resulting in a significant increase in attacks during the pandemic.

How Criminals Used the Covid-19 Pandemic to Facilitate Scams

Cybercrime researchers, and in particular those who track ransomware trends, have analyzed and documented how cybercriminals use media attention surrounding national/global crises to target victims that are seeking vital information (https://www.recordedfuture.com/research/insikt-group). The Covid-19 pandemic is a perfect example of how criminals adapted their social engineering tactics to exploit individuals and businesses.  Insikt Group’s analysis documented a steep rise in the use of Covid-19 themed malware to target victims in the first half of 2020.  Notably, their research also demonstrated a shift in the use of Covid-themed lures to other lures targeting the Black Lives Matter Movement, which dominated the news between May and June of 2020.  This ransomware trend, tracking news cycles to target victims, reinforces how criminals are very effective in homing in on the weaknesses of a particular audience to their advantage.

The FBI reported a 300% increase in cybercrimes during the Covid-19 health crisis (https://www.cybintsolutions.com), and incidents of ransomware attacks rose 148% in March 2020.  In addition, businesses saw a five-fold increase in attacks on remote workers following the Covid-19 lockdown (https://fintechnews.org).  A whole host of themed phishing lures targeted a large global audience looking for help, information and answers during the Covid-19 pandemic.  Criminals created fake domain names relating to the pandemic in order to snag searchers seeking information.  In April 2020, Google reportedly blocked 18 million daily malware and phishing emails related to the Coronavirus.  Many of the themed phishing lures of 2020 capitalized on the health crisis, the spread of the virus, and the availability of protective gear as well as other commodities.  Cybercriminals also seized on the vulnerability of the unemployed, including those seeking jobs, stimulus checks and other federal assistance.  NBC News reported in May 2020 that 33,000 people were exposed to ransomware phishing lures that targeted the Pandemic Unemployment Assistance Program.  In the summer of 2020, over 12,300 Covid-related scams were recorded by the FBI (https://www.cybintsolutions.com).  In the months to follow, information on vaccine distribution and availability had the world’s attention, causing ransomware operators to shift their targets once again.  In this way, criminals continue to exploit weaknesses through our vulnerabilities in order to turn a profit.

Business owners and government leaders should take a proactive approach to defending their data against cybercriminals and malware attacks.  VaultTek provides triple-redundant data protection using only U.S.-based data centers.  Our dedicated experts monitor your data and provide seamless support with recovery, should the worst occur.  At VaultTek, we’re passionate about data protection.  To learn more about how we can help safeguard your records, visit the How It Works page or contact us to discuss your needs.