In a report entitled “State of the Phish” released by Proofpoint, a cybersecurity firm, about 50% of all organizations in the US were victims of ransomware attacks. The researchers focused on attacks that made use of ransomware, phishing, and cryptojacking. It sought to analyze how social engineering is used by ransomware attackers to launch an attack, and also to analyze the awareness of employees as an important proactive measure.
Ransomware attacks that mostly start from malicious emails have hit top speed with the private and public organizations in the country facing a constant attack.
The Proofpoint report established that the attack was primarily launched on organizations that handle important information. The primary targets were local government offices, state organizations, healthcare providers and many more.
Image Source: www.techrepublic.com
The rise of the attacks on these organizations is partly due to the many available cybercrime tools and services including the ransomware-as-a-service offered on the dark web. Much potent malware and the available information needed to stage a targeted phishing attack is also available on the dark web. This has made it easier for ransomware attackers to come up with more sophisticated malware and approach to match even the best of malware defense.
The Proofpoint report took into consideration the view of about 3500 IT employees, and 600 industry leaders to analyze the behavior and the impact of the attack in the US. The researchers also analyzed over 9 million malicious emails and went the extra mile to ran over 50 million phishing attack simulation emails on the customers of the surveyed companies. This was done to ensure that the findings were more accurate and the report contains a comprehensive overview of the state of cybercrime in 2019 according to the report.
The Proofpoint report also took into consideration the attacks launched on both private and public organizations in the country.
It was also revealed that 90% of global companies were primary targets of malicious email phishing attacks. This is more understandable as a lot of the ransomware attacks launched on companies started from phishing which persuaded targets to download a malicious attachment before the malware was installed.
The researchers also revealed that 50% of the phishing attacks launched on organizations in the year under review was successful. In addition, 55% of the analyzed companies suffered from spoofed credentials, compromised accounts, and ransomware attacks.
The Proofpoint report made a profound discovery concerning ransom paid to ransomware attackers after encrypting the network of targeted companies. According to them, only 69% of the analyzed companies who met the demand of ransomware attackers to pay ransom were actually given the decryption key. This is in line with the advice of experts that affected companies should not pay any requested amount since there is no guarantee that they may get the promised decryption key to unlock their file.
Most ransomware exfiltrates data before encrypting the file. There is still a possibility that they may sell the obtained information on the dark web after paying the requested ransom. Even ransomware attackers who give out the decryption key may possibly attack the same company again or be much motivated to go after other companies.
The Proofpoint report also established that 7% of companies that paid the requested ransom amount were met with another ransom demand. In addition, 22% of the analyzed companies that met the ransom demand never received the promised decryption key to access their data. This caused companies to suffer a higher cost from the ransomware attacks in addition to the damaged reputation, downtime, financial loss, and many more according to the Proofpoint report.
Image source: www.pandasecurity.com
The purpose of a phishing attack is to trick individuals in possession of a company’s credentials in other to steal the needed information to access other sensitive files. This calls for the need for companies to train employees as they mostly have the credentials to access these data which is needed by ransomware attackers. Most attackers make use of fake phone calls posing as a genuine service provider or a credible agent of a security vendor with the intention of getting some information to stage targeted phishing. It is important to avoid giving out personal or company information to anyone on the phone.
It is also important to avoid opening emails from untrusted senders and clicking on links and opening suspicious attachments. In one of the attacks launched by cybercriminals, they posed as Microsoft and deceived users that their system has been compromised, calling for the need for users to click on a given link to access and change their account passwords. Information like this can be verified from major news sites or from the Microsoft support, or by searching Google for any confirmation. Ransomware attackers mostly take advantage of the trust of targets to steal and deny them access to their important information.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.