(Rob Engelaar/AFP/Getty Images)
There's good news and bad news on the ransomware front: Attacks on consumers are down, but assaults on businesses have been skyrocketing, according to antivirus firm Malwarebytes.
In the second quarter, the company noticed a 363 percent year-over-year increase on ransomware attacks targeting clients running its business software. "Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals," the antivirus firm said in a Thursday report.
Indeed, ransomware incidents have been grabbing headlines for shutting down IT systems at schools and city governments by encrypting data inside a computer and holding it hostage unless victims pay up.
Ransomware that targets consumers will usually only be able to encrypt a single machine. Hit the IT systems of an organization, however, and the malware can lock a whole fleets of computers. Recently, two Florida cities hit with ransomware decided to pay off the attackers about $500,000 and $600,000, respectively, rather than risk losing municipal data.
"Encrypting business-critical files on any number of (computer) endpoints can supply huge benefits to cybercriminals, including much larger ransom demands and an exponentially higher chance of getting paid," the antivirus firm said.
Ransomware attacks against Malwarebytes' consumer software dropped 12 percent year-over-year in Q2. A year ago, consumer machines made up the bulk of all ransomware targets, but attacks are now going after consumers and businesses almost equally.
The ransomware attacks are largely targeting machines in the US, which accounted for 53 percent of Malwarebytes's ransomware detections. Canada came in second at 10 percent.
Coveware, a separate security firm, has also noticed that hackers behind the attacks have been demanding higher ransom amounts. "In Q2 of 2019, the average ransom payment increased by 184 pecent to $36,295, as compared to $12,762 in Q1 of 2019," the company said in a report last month.
According to Coveware, many of the attacks targeting businesses involve delivering the ransomware by exploiting unprotected Windows systems with the Remote Desktop Protocol (RDP) activated. The hackers also like to use phishing emails that try to trick the victim into installing the ransomware.
The FBI and cybersecurity experts generally advise against victims paying the ransom. Doing so incentivizes the hackers to strike again, and there's no guarantee the encrypted data will be restored. Victims should also check whether free decryption software can release their data from the particular ransomware strain that hit their computer.
What Is Two-Factor Authentication?
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
