Ransomware attacks grow by 50% as cyberespionage soars, Verizon data breach report finds

Ransomware is rapidly becoming a popular go-to malware for cybercriminals as attacks jumped a whopping 50% over the past year. According to Verizon's 2017 Data Breach Investigations Report released on Thursday (27 April), malicious actors extorted millions of dollars from people and organisations in 2016 using various new extortion methods beyond the standard file encryption.

Analysing around 2,000 confirmed breaches and over 40,000 incidents across the globe, researchers said ransomware rose to the fifth most commonly used variety of malware, up from number 22 in the 2014 report.

"Attackers introduced master boot record locking, and partial and full disk encryption in an effort to make it more difficult to recover systems without paying," the report reads. "They also experimented with a variety of methods to avoid detection by security sandboxes... Encouraged by the profitability of ransomware, criminals began offering ransomware-as-a-service, enabling anyone to extort their favourite targets, while taking a cut of the action."

The researchers said cybercriminals also experimented with different ransom demands including time limits after which files would be deleted. Ransoms based on how sensitive the filename was increased over time. Some even offered to decrypt their victims' files for free if they decided to become attackers as well and infect two others.

Public administration organisations were the top target for ransomware attacks followed by healthcare and financial services.

Around 21% of breaches were related to cyberespionage with the public sector, manufacturing, professional services and education being the top targeted industries. More than 90% of breaches were attributed to state-affiliated groups while competitors and former employees accounted for the remaining 10%.

The researchers also found state-affiliated actors to be responsible for 25% of recorded phishing attacks, up from 9% the previous year.

"Cyberattacks targeting the human factor are still a major issue," Bryan Sartin, executive director of Global Security Services at Verizon Enterprise Solutions, said in a statement. "Cybercriminals concentrate on four key drivers of human behaviour to encourage individuals to disclose information: eagerness, distraction, curiosity and uncertainty."

More than 60% of the victims analysed by the researchers were found to be smaller businesses with less than 1,000 employees.

In terms of data breaches, the top three industries targeted were financial services (24%) followed by healthcare (15%) and the public sector (12%). Manufacturing sector companies were the most common targets for email-based malware. In the healthcare sector, 32% of threat actors were external while a shocking 68% were internal threat actors, such as employees.

Cybercriminals also used various tactics to infiltrate their victims' systems. While 62% of breaches involved hacking and 51% included malware, a startling 81% of hacking-related breaches preyed on stolen or weak passwords.

"The cybercrime data for each industry varies dramatically," Sartin said. "It is only by understanding the fundamental workings of each vertical that you can appreciate the cybersecurity challenges they face and recommend appropriate actions.

"Our report demonstrates that there is no such thing as an impenetrable system, but doing the basics well makes a real difference," he said. "Often, even a basic defense will deter cybercriminals who will move on to look for an easier target."

Meanwhile, a separate report by security firm Symantec found the average ransom spiked 266% in 2016 with cybercriminals demanding an average $1,077 per victim, up from $294 the previous year. American victims were also found to be more likely to pay up as compared to the rest of the world.

More than 100 new malware families were found released into the world - more than triple the amount seen in the previous year, the firm said.