Targeted Ransomware: What Is It?

A wide range of new ransomware variants are developing. Threat actors are moving away from indiscriminate attacks and toward specifically pursuing their targets with Ransomware in order to achieve their intended effects. Threat actors are anyone who is either the primary driver of, or participates in, a harmful activity that affects an organization’s IT security.  Along with targeted companies, they are striking at the most important or lucrative parts of the network. This is being done with the utmost disregard for morality or fairness.

Think about what would happen if one of your most important systems suddenly failed, taking down your entire business. Then some unknown entity demands money to restore your systems to working order. Or someone might target you with a DDoS assault and demand a payment to stop it.

What Is Ransomware & How Does It Operate?

Ransomware software employs encryption to keep a victim’s data hostage in exchange for money. An individual or organization can’t access its files, databases, or applications because their sensitive data is encrypted. Access is demanded in exchange for a ransom.  Cybercriminals are increasingly using ransomware as their primary attack method because they are aware that even brief outages may cause significant disruption and damage.

In ransomware, asymmetric encryption is utilized. A pair of keys are used in this sort of encryption to both encrypt and decrypt a file. For the victim, the attacker creates a special public-private key pair, with the private key being used to decrypt data stored on the attacker’s server. When the ransom is paid, the attacker releases the victim’s private key.

About Targeted Ransomware

Skilled crooks have shifted to tailored ransomware strategies in search of higher payouts. Depending on the organizations’ ability (or need) to pay large ransoms, these attackers deploy specialized techniques, approaches, and procedures to target very specific businesses. The term “big game hunting” is commonly used to describe this tactic.

These attackers are quite creative and usually take great care to understand the technological foundation of a target in order to identify and exploit any vulnerabilities as well as choose the most important data to encrypt and hold for ransom. They are also incredibly patient, gaining access to higher levels of privileges to get around security measures and remain undetected for months or even years before releasing malware.

This long-tail, targeted strategy was recently used in the Hades ransomware attacks. According to ZDNet, ransomware operators successfully targeted at least three businesses in the transportation, retail, and industrial sectors. They target large multinational organizations with yearly revenues of over $1 billion. The landscape has drastically changed since ransomware first made news in the security industry.

High Risk Ransomware Sectors

In the preceding year, ransomware evolved from an annoyance that targeted home PC users with insignificant ransom demands to a billion-dollar industry.  Any corporation might face catastrophic results from a ransomware attack, but some sectors are more at risk since hackers’ target businesses that can’t afford to lose network access. While some hackers might make generic assaults to get into any firm, professional threat actors will create carefully tailored attacks to look as legitimate as possible, even if that means making the communication appear to originate from a coworker.

High-risk industries consist of:

Education

Nearly 1,700 schools, colleges, and universities were reportedly attacked in 2020, with K-12 schools accounting for 57% of all known ransomware incidents, according to the Ransomware Task Force (RTF), Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center. Cybercriminals kept targeting educational institutions in 2021. When a ransomware attack was uncovered over the Labor Day weekend in 2021, Howard University was forced to postpone two days of classes.

Retail

The findings of the Sophos analysis suggest that in 2020, over half of all retail businesses and academic institutions would be targeted by ransomware. Additionally, 34% of retail establishments who had not had an assault in the previous year said they expected one in the future.  According to Computer Weekly, the British shop FatFace paid the Conti ransomware organization a $2 million ransom in April 2021 after a successful phishing attempt.

Most of the company’s 800 outlets closed for three days in order to respond to the attack. The company said that the ransomware disabled several of its cash registers.

IT

Due to the quick transition to remote work, ransomware hackers use phishing emails with pandemic themes to target victims when they are at their most susceptible. Early in 2021, the Taiwanese PC manufacturer Acer’s network was penetrated by the ransomware organization REvil, which wanted millions in ransom. Uncertainty surrounds the ransom payment by the firm.

Some of the most recent ransomware targets in the IT industry include Apple laptop manufacturer Quanta Computer, automobile inspection technology provider Applus Technologies, backup storage provider ExaGrid, and software provider Kaseya.

Infrastructure for Utilities and Energy

On the other hand, as hackers are aware, businesses in the oil, gas, and utility industries are the most inclined to pay ransoms.  The biggest ransomware attack to date was discovered in May 2021. The Colonial Pipeline Co.’s operations were shut down and petroleum supply throughout the East Coast of the United States was disrupted for days as a result of the DarkSide gang purportedly hacking the company using a legacy VPN account. The Department of Justice reported that it finally managed to retrieve half of the $4.4 million although the ransomware operators were successful in obtaining it.

Financial Services

Ransomware may have a wide-ranging, negative effect on the financial services industry. According to a survey conducted by Sophos of 550 IT decision-makers in the banking sector, 34% of them had experienced a ransomware attack in 2020, which is close to the cross-sector average of 37%.

The survey found that 91 percent of financial institutions had a plan in place for recovering from malware incidents. Ransomware operators specifically targeted CNA Financial, one of the largest commercial insurers in the United States. Bloomberg claims that CNA paid the $40 million demanded as ransom. The whole network’s functioning was restored after almost two months.

These are but a few of the sectors that might be affected by targeted ransomware. However, this does not imply that others will be spared. Several industries are vulnerable to ransomware. Experts stressed that no company, no matter its size or industry, is immune.

Defending Against Ransomware

According to what we know about these attacks, it appears that the attackers carried out a focused and physical assault with the purpose of extorting data. Some of the techniques used seem to be an effort to escape detection.  Although there isn’t a one-size-fits-all approach to stopping these assaults, efficient security measures can help. The following actions are advised:

  • Install security updates as quickly as you can
  • Install the most recent security programs
  • Implement a reliable backup and recovery plan
  • Audit your cybersecurity
  • Train your employees 

Conclusion

For today’s businesses to avoid becoming ransomware targets—or, worse, victims—adequate preparedness is essential. Employers must train their staff members about ransomware in order to raise awareness.

They also need to have a thorough incident response plan, deal with data governance, protection, and ransomware payments. A multifaceted approach is necessary for organizations to handle a complicated problem like ransomware. By taking the proper measures, these unacceptable situations may be prevented.