An F-Secure 2018 report titled ‘The Changing State of Ransomware’ found that the rate of simple ransomware has slowed. In its place, more evolved and far more sophisticated attacks have emerged: analysts are seeing a rise in hardcore extortionists who use ransomware against prime organizations that are also high-value targets.
Targeting these enterprises tends to be more lucrative than affecting an individual user. While an individual user may pay only a few hundred dollars to decrypt, attackers have the potential to extort thousands of dollars if they succeed against high-value targets.
The 2017 worldwide attack carried out by WannaCry showed the world just how vulnerable these companies are to a ransomware attack. It went on to attack computers running Windows operating systems and subsequently demanded ransom payments in bitcoin.
WannaCry made the case for ransomware removal by spreading through compromised or exposed Remote Desktop Protocol (RDP) ports. These were a popular pathway for attackers for the following reasons:
- They permitted numerous login attempts before triggering an alert or an account lockout
- They did not require administrators to change default account credentials
- They left port 3389/TCP open to all inbound connections
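A defender-side check for the first weakness in the list above, added here as an illustration and not taken from the report: it counts failed RDP logons per source address in a sliding window and reports which targeted accounts were never locked out. The comma-separated export format, the function name, the threshold and the sample records are assumptions constructed for this example; the event IDs (4625 failed logon, 4740 account locked out) and logon type 10 (RemoteInteractive) are the standard Windows Security log values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): time,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4740 = account locked out, logon type 10 = RemoteInteractive.
SAMPLE = "\n".join(
    [f"2018-05-01T10:00:{s:02d},4625,10,203.0.113.7,administrator" for s in range(0, 40, 5)]
    + [f"2018-05-01T10:01:{s:02d},4625,10,198.51.100.9,jsmith" for s in range(0, 30, 5)]
    + ["2018-05-01T10:01:30,4740,-,-,jsmith",            # lockout policy fired
       "2018-05-01T10:02:00,4625,10,192.0.2.44,mlee",    # isolated typo, below threshold
       "2018-05-01T10:20:00,4625,10,192.0.2.44,mlee",
       "2018-05-01T10:03:00,4625,2,-,kiosk"]             # console logon, not RDP
)

def rdp_bruteforce_findings(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed RDP logons inside any window."""
    events = []
    for line in log_text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        events.append((datetime.fromisoformat(ts), event_id, logon_type, src, account))
    events.sort(key=lambda e: e[0])

    locked = {e[4] for e in events if e[1] == "4740"}  # accounts that did lock out
    recent = defaultdict(deque)   # source -> failure times still inside the window
    peak = defaultdict(int)       # source -> highest failure count seen in a window
    targeted = defaultdict(set)   # source -> accounts it tried
    for ts, event_id, logon_type, src, account in events:
        if event_id != "4625" or logon_type != "10":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
        targeted[src].add(account)

    # no_lockout lists accounts hammered from this source with no 4740 on record,
    # i.e. the "numerous attempts without lockout" condition.
    return [{"source": src, "peak_failures": count,
             "no_lockout": sorted(targeted[src] - locked)}
            for src, count in sorted(peak.items()) if count >= threshold]

if __name__ == "__main__":
    for finding in rdp_bruteforce_findings(SAMPLE):
        print(finding)
```

A source that appears with a non-empty `no_lockout` list points at a host where the lockout threshold is unset or too high for the rate of attempts being seen.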
These threat vectors showed criminals that they should focus on the quality of their targets rather than the number. Quality, for them, meant a potentially bigger payout. A ransomware removal report found that more than half of ransomware attacks have reached beyond user endpoints and hit corporate servers.
As hackers build more complex tools to hit organizations, these companies should look for more sophisticated forms of ransomware removal or prevention.