The number of ransomware attacks has fallen over the last six to eight months. Malicious cryptomining activity has largely replaced ransomware as a leading cyber threat in many regions. But amid declining overall ransomware activity, it has been noted that the revenues reaped by cryptovirological operators are not falling.
According to a report from the IT security company Check Point, the amount organizations collectively paid attackers for ransomware removal remains the same as it was during peak ransomware activity. This shows that cryptovirological operators have changed their business model to one that entails fewer infiltrations and more revenue.
Cybersecurity experts analyzing this report have deduced two primary reasons behind the unvarying revenue of cryptovirological operators amid declining ransomware activity.
Ransomware Attacks Have Become More Targeted
Mass spamming was once the leading method for delivering the cryptovirological payload. Ransomware operators would send a malicious email containing a ransomware script to hundreds and thousands of users in one go. The majority of users no longer fall for this trap because of increased awareness of spam emails in general and ransomware in particular.
For that reason, cryptovirological operators now focus on the quality of attacks instead of the quantity. They mostly attack commercial entities, where there is a strong chance of receiving an extortion payment in the name of ransomware removal. This might also be the reason why compromised RDP connections have become a popular payload distribution tool for ransomware operators in the last 12 to 15 months.
Focusing on Public Clouds and Mobile Deployments
Experts also think that ransomware operators have focused their attacks on particular components of an organization's digital infrastructure. For instance, it has been noted that cryptovirological operators now infiltrate targeted organizations through public clouds and mobile deployments. Both of these elements are considered the weakest links of any digital setup, and cryptovirological operators have a firm grasp of that.
These are the two possible reasons why ransomware revenues are not plunging even though fewer attacks have happened over the last year.
How to Deal With It?
Mobile deployments are carried out to streamline the workload by providing ease of use to both employees and clients. But it is imperative that organizations secure them as carefully as the main network. For instance, they must also be protected by endpoint security software.
In addition, relying on a public cloud to run your business operations might not be a good idea. Public clouds are poorly secured by their hosts, which do not accept any liability for a possible cyber attack.
Besides that, organizations must invest in cloud backups and in-house ransomware removal expertise to fend off cryptovirological attacks.