In the wake of a spate of ransomware attacks across the UK cyber-criminals are adopting new tactics to ensure companies pay up and also to fool victims into accepting emails that harbour the malicious malware.
  • Cybercriminals involved in business email compromise (attacks that target companies) scams are trying to recruit native English speakers. Because phishing email red flags include poor grammar and spelling mistakes, the scam artists are trying to avoid being detected at the first hurdle by paying English speakers to write convincing copy.
  • For some time ransomware creators have lowered the bar for others to use their creations by offering them ransomware attack accounts to sign up to as well as offering services such as payment gateways.
  • Entrepreneurial ransomware services have been offering to provide media relations support so attackers can threaten victims with adverse press coverage to cause reputational damage if they refuse to pay up.
While it is generally accepted that cybercrime has being getting more and more sophisticated, a recent sharp rise in ransomware attacks, exacerbated by increased remote working and low oversight of systems, suggesting  we are entering a new area of criminal ransomware activity.

Before 2017, ransomware attacks were generally small and sporadic, demands were low and there were relatively few attacks launched at larger enterprises. 

Individual users were typical targets but following attacks in the Ukraine, in which Petya ransomware caused widespread damage collateral damage on a global scale, ransomware creators deveoped new strains of ransomware and criminal groups appeared dedicated soley to exploiting ransomware.
Their intention was to launch widespread blanket ransomware attacks and they are still with us today:
  • Attackers are more strategic when it comes to demanding payments. Demands are generally low enough so that the victim will pay and high enough so that the attack is profitable.
  • A further common tactic is double extortion in which information is stolen before systems are locked by the ransomware. The cyber villains threaten to release the stolen data which constitutes a data breach under GDPR regulations placing even more pressure on the victim.
  • In total a successful ransomware campaign can result in payments worth millions of dollars.
Most victims in the UK recently have been health services, academic institutions and private businesses; indeed it’s the same across the world, with US institutions generally favoured because they are seen as cash cows.

This doesn’t mean home users should drop their guard, especially remote workers.  Ransomware is deadly and deeply damaging as those who have been compromised testify to.

BullGuard provides robust and advanced protection against ransomware, with defences that include dynamic machine learning for early detection of malicious code among its multi-layered defences alongside lightning fast performance and parental controls for keeping the kids safe.