Targeted ransomware attacks grow 767%, India among top targets

Image Source: IANS News

Image Source: IANS News

New Delhi, April 24 (IANS) The ransomware attacks on high-profile targets such as corporations, government agencies and municipal organisations globally increased by a whopping 767 per cent in one year (from 2019 to 2020), according to a new report.

Targeted ransomware attacks have become a major concern globally in the past few years, especially for organisations and businesses in the APAC region, especially India.

"At least 61 entities from the region were breached by a targeted ransomware group in 2020. Australia and India being the top two countries that logged the highest number of incidents across APAC," said Chris Connell, Managing Director, Kaspersky (APAC).

The increase in targeted ransomware occurred alongside a 29 per cent decrease in the overall number of users affected by any kind of ransomware, with WannaCry still being the most frequently encountered family, according to cyber security firm Kaspersky.

Targeted ransomware attacks involve significantly more sophistication (network compromise, reconnaissance and persistence, or lateral movement) and a much larger payout.

From 2019 to 2020, the number of users encountering targeted ransomware increased by around 767 per cent.

The ransomware family most frequently encountered by users is still WannaCry, the ransomware Trojan that first appeared in 2017 and led to damages of at least $4 billion across 150 countries.

Nearly 22 per cent of the users that encountered ransomware in 2019 encountered WannaCry, but this decreased to 16 per cent in 2020.

"We'll most likely see fewer and fewer widespread campaigns targeting everyday users. Of course, that's not to say users aren't still vulnerable," said Fedor Sinitsyn, security expert at Kaspersky.

"However, the primary focus will likely continue to be on companies and large organisations, and that means ransomware attacks will continue to become more sophisticated and more destructive," he added.

The ransomware threat -- when attackers encrypt private information and hold it to ransom -- became mainstream news in the 2010s following large-scale outbreaks, such as WannaCry and Cryptolocker.

They targeted tens of thousands of users and often requested relatively small amounts from victims to have their files returned.

Some of the most prolific targeted ransomware families during this time were Maze, the infamous group involved in several loud incidents, and RagnarLocker, also covered in the news.

Both of these families began the trend of exfiltration of data in addition to encrypting it and threatening to make the confidential information public if the victims refused to pay, according to the report.