Increasingly common, criminal operations involving the use of ransomware are becoming more complex and specialized. A study conducted by security firm Trend Micro shows that groups using the tool are increasingly turning their attention to corporations with revenues exceeding $1 billion.
The reason for this is simple: money. The larger the corporations, the more susceptible they are to having problems resulting from the shutdown of their activities — and the more willing they are to pay the large sums required in ransom to return to operating under normal parameters.
“Modern ransomware attacks are highly targeted, adaptable and stealthy,” says Bob McArdle, director of cybercrime research at Trend Micro. “By stealing data and locking down important systems, groups like Nefilim are looking to extort highly profitable global organizations.”
Known loopholes are the most used by criminals
According to the study, criminal entities operating in the ransomware market already have enough profit to exploit 0-day vulnerabilities on high-profile targets. Using Nefilim as a case study, Trend Micro explains that to infiltrate an organization, groups use methods such as phishing, exploiting security holes, and even making payments to internal agents working at target companies.
The security company also warns that most attacks continue to exploit known security holes that have often been fixed. To The Register, the company explained that criminal organizations today are as organized and specialized as the information technology market, which explains why each group specializes in very specific types of attacks.
The biggest warning that Trend Micro makes is that, in practice, there is nothing really unique about the way the criminal groups studied act. The best way to protect against them continues to be to bet on updating systems and implementing security policies that ensure that threats already contemplated by companies in the area do not go unnoticed.