Some say ransomware is in decline. Others say it’s getting craftier.
File-encrypting malware, known as ransomware, infects vulnerable computers and scrambles its files, inviting victims to return access to their data once they pay a ransom. Ransomware remains one of the most popular types of malware and is said to be a multi-billion dollar — albeit illegal — industry.
But as companies gain awareness and shore up their cybersecurity defenses, the cat and mouse game continues between ransomware-launching threat actors and their victims, which can range from small businesses to local governments.
“Ransomware is a lucrative business model for the adversary because they get paid directly by the victim,” Steve Grobman, chief technology officer at McAfee, told TechCrunch.
In the past few months, security experts have seen a reduction in the “spray and pay” attacks against a large number of businesses and an increase of more focused efforts against larger corporate targets. Now ransomware-focused threat actors are using creative means to break into systems and deploy ransomware for the threat actor’s payday.
Just this week, foreign currency exchange Travelex was forced to suspend services at its stores after it confirmed a malware infection on December 31. A week later, the company is still largely offline. Travelex said little beyond a prepared statement, but it was reported that the company was hit by the notorious Sodinokibi (or rEvil) ransomware.