A new report from Carbon Black analyzed 1,000 ransomware samples to learn how attackers are using it and how threats are evolving.
The explosive growth of ransomware is bad news for Windows users. Some 99% of ransomware attacks are targeting Microsoft products, according to a report from security firm Carbon Black, released Thursday.
Of course, some of this is simply due to Microsoft's massive marketshare. However, many of the ransomware attacks studied used trusted tools like Microsoft's PowerShell to slip past certain antivirus software. "More prevalent malware even used PowerShell as a means to download and run the actual ransomware executable," the report said.
Most of the time, standard security systems are focused on clocking malicious files that may have been downloaded on a computer, the report said. "A reliance on this method distracts defenders from seemingly legitimate applications exhibiting malicious behavior. Many ransomware attacks are using existing tools on the machine, (e.g. PowerShell.)," the report said.
SEE: Cybersecurity spotlight: The ransomware battle (Tech Pro Research)
Macs were "virtually untouched" by the ransomware that was examined by the Carbon Black researchers. Of the small handful of ransomware families that targeted Macs at all, the report said, only one was truly destructive.
The report was conducted by Carbon Black's Threat Analysis Unit (TAU). The team looked at more than 1,000 ransomware samples, which they then split into 150 families. Essentially, they found that most attackers were looking for a way to make fast money with a combination of relatively unsophisticated tools delivered in a sophisticated way, the report said.
Attacks like WannaCry and NotPetya definitely brought more attention to the rising ransomware threat. However, the report said, many organizations are distracted by these major threats, to the point that they are forgoing basic cybersecurity measures that defend against smaller, more common attacks.
"Businesses appear to be focusing too greatly on next-generation threats while being unable to defend against the current era of basic malware. What's more, the public attention to new threats distracts many organizations from the ability to tool their environments and train their staff to respond to basic attacks," the report said.
Despite the massive impact it can have, ransomware isn't very complex. In fact, most attacks require very little coding, the report said. Additionally, the prevalence of Bitcoin, the growth of the dark web, and the emergence of Ransomware as a Service (RaaS) are making these attacks even easier to carry out.
The 3 big takeaways for TechRepublic readers
- Some 99% of ransomware attacks target Microsoft products, according to a security report from Carbon Black.
- Many attacks also used trusted tools to deliver their attack, such as Microsoft Powershell, which many existing solutions might not regard as a security threat.
- Organizations shouldn't be too distracted by major ransomware attacks, instead making sure they focus on patching and other standard security methods in order to stay protected.
- 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
- Too noisy, low-level and unethical: Why some cybercriminals hate ransomware (ZDNet)
- Information Security Management Fundamentals (TechRepublic Academy)
- Ransomware and cyber-attacks: We need a defence plan, says Europe (ZDNet)
- Ransomware: The smart person's guide (TechRepublic)