Ransomware Attacks Skyrocketed in Q1: Beazley

May 24, 2019

Ransomware attacks skyrocketed in the first quarter of 2019, according to the Beazley Breach Response (BBR) Services team, which reported a 105% increase in the number of ransomware attack notifications against clients compared to Q1 2018.

In Q1 2019, the average ransomware demand reported to the BBR Services team was $224,871, an increase of 93% over the 2018 average of $116,324, said the Beazley Breach Insights report.

Not only has the frequency of attacks skyrocketed, but attackers are shifting focus, targeting larger organizations and demanding higher ransom payments, said the report.

While attacks using ransomware as a service (RaaS) platforms remain commonplace, tending to hit unsuspecting small businesses, more sophisticated variants are being deployed through phishing emails and by tricking users into activating banking Trojans, the report affirmed.

Although banking Trojans are not a new form of malware – first hitting BBR Services’ radar in 2015 – they are increasingly problematic for businesses. “[W]ithin the last year, BBR services has seen a substantial increase in incidents involving both ransomware and banking Trojans.”

Originally designed to steal banking credentials from users of online banking websites, recent variants of banking Trojans such as Emotet and Trickbot have been used by criminals to harvest all kinds of account details, the report explained.

Newer types of banking Trojans will also perform reconnaissance on email accounts and deploy other malware, most commonly ransomware, onto a system with relative ease, the report continued. Cyber criminals exploit the stolen credentials to steal from financial accounts, defraud through business email compromise, or commit identity theft.

“We have witnessed a considerable uptick in notifications of both ransomware and banking Trojans in the first few months of this year,” emphasized Katherine Keefe, head of Beazley Breach Response Services, in a statement accompanying the report.

“Banking Trojans are particularly troublesome as they are often more difficult to eradicate from an infected IT system than other forms of malware,” she added.

“Not only are we receiving more notifications but they are often used by cyber criminals to install secondary viruses onto computer systems,” Keefe said. “This can cause businesses serious operational, financial and reputational damage if not identified and managed early enough.”

The report quoted Bill Siegel, CEO of Coveware, who attributed the increased number of attacks to two main factors. “First, anytime the average ransom demand goes up, it’s going to pull in more attack groups interested in making money. Second, the easy availability of exploit kits (such as banking Trojans) and RaaS means there is a lower barrier to entry for would-be hackers.”

The report recommended the following measures if a company’s system has been infected with a banking Trojan:

  • Disconnect infected machines from the network (wired and wireless) as soon as possible and preserve them for forensic investigation.
  • Reset passwords for any users of the machine and alert employees to change passwords for any personal accounts they may have accessed through the machine.
  • Notify external cyber experts (such as BBR Services) who can investigate the incident and determine whether data has been exfiltrated that gives rise to a legal obligation to notify affected individuals.

The report said businesses should regularly train employees not to open unsolicited attachments and links, particularly from unknown sources. In addition, macros should not be allowed to run and employees should be suspicious of links leading to web pages that ask for login credentials.

Further, employees should be trained not to store any personal login information on their computers, even through their browsers, the report said.

Source: Beazley Breach Response Services