Research Insights: Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound

A new report, Attack Vectors Shift as New Software Vulnerability Exploits Abound from Coveware reveals that “Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data.” The report notes 77% of attacks now include threats of sensitive data leaks such as financial or healthcare data. The report describes ransomware incident response trends during Q1 of 2021:

Average Ransom Payment

$220,298

+43% from Q4 2020

Median Ransom Payment

$78,398

+59% from Q4 2020

Research Insights:

Matias Katz, CEO, Byos:  “RDP is a great technology, but because of its power, attackers have been leveraging it heavily as an entry-point into corporate networks for attacks such as ransomware. While the issue at the surface looks to be with RDP itself, it’s actually about how networks are architected – flat networks with minimal segmentation and those that focus on perimeter-based security will always be victims to these types of attacks.”

Rajiv Pimplaskar, CRO, Veridium:   “These findings highlights the growing danger of ransomware extortion as a key cyber security threat.  Ransomware attacks have increased by over 72% during the past year.  The abrupt shift to remote work since the COVID19 pandemic has resulted in a rise in the use of home computers several of which were already infected for some time.  Threat actors use key loggers and other means to steal or guess Usernames and Passwords in an attempt to spoof the system into admitting them as the genuine user.  Virtual Private Networks (VPNs) cannot offer protection against such attacks.  Prevention is a lot easier than cure and companies and users should look to embrace password less authentication methods such as “phone as a token” and / or FIDO2 security keys.  These methods eliminate the potential of credential theft and improve security.  Also, ransomware attacks tend to seek lateral movement in search of Personally Identifiable Information (PII).  Eliminating passwords makes this much harder and enables faster recovery from such incidents.  Finally, end users are also happier as these solutions have less friction and are easier to use.”

Garret Grajek, CEO, YouAttest:  “Ransomware is just the same distribution of malware as many other attack types, utilizing the same attack mechanism and most of the same vulnerabilities, but with a different payload. The payload is an executable that usually encrypts the desired data and then plants a “ransom” message to the enterprise with a promise to unencrypt the data for a monetary exchange – usually in some form of crypto currency. One variant is where the data is not encrypted, but snippets are sent to prove the hacker has stolen the data and will make it public if money is not sent. That snippet typically contains sensitive PII or PHI to up the ante.”