Some government agencies may be targeted because the services they offer, such as police protection, are time-sensitive and crucial, notes Alexander Volynkin, senior research scientist, CERT Division, for Carnegie Mellon University’s Software Engineering Institute. Because such agencies often need to respond quickly, they have a greater sense of urgency in recovering their data and thus may be more willing to pay the ransom under duress.
In the past year, there have been numerous examples of police department ransomware attacks. One such case involved a Texas police department, where a ransomware attack caused the department to lose eight years of data—including body camera video and some in-house surveillance video.
Healthcare, energy/utilities, retail, finance
Healthcare organizations ranked no. 3 on BitSight Insight’s top list of ransomware targets. “Hospitals, in particular, may pay the ransom because their patient data is critical in life-or-death situations,” the report noted. One such example was the Hollywood Presbyterian Medical Center, which paid a $17,000 ransom in 2016 to hackers who had locked some of the hospital’s critical data.
The sectors rounding out the BitSight Insights list include, in descending order, energy and utilities (no. 4); retail (no. 5); and finance (no. 6).
We’re also seeing more ransomware attacks targeting enterprise human resource departments, Volynkin adds. Criminal hackers pose as job applicants, hoping that HR professionals will open emails and attachments from unknown senders—which will then spread the ransomware.
Mobile devices and Macs
Ransomware isn’t just a PC threat. A Kaspersky Lab Malware Report released in May 2017 found that 218,625 mobile ransomware files were detected in the first quarter of 2017 vs. 61,832 in the previous quarter, as Newsweek reported.
Ransomware doesn’t exclusively target Windows computers, either. Security firm Fortinet recently discovered a ransomware-as-a-service targeting Macs.
Emerging ransomware targets and threats
At a high level, any organization that has critical data, and where team members need to make quick decisions, will remain prime ransomware targets, Volynkin says.
The sensitivity of an enterprise’s data will also be a factor. For example, along with the sectors cited in the BitSight Insights report, you can expect to see law firms among targeted businesses in the near future, Volynkin adds. Legal firms “have client data that’s highly sensitive,” he notes, and typically have the resources to pay a ransom.
The next phase of ransomware, Volynkin notes, will not be just about holding data hostage; it will be about threatening to publish data online if the enterprise that owns it doesn’t pay the ransom. In that scenario, law firms—and many other types of organizations—are attractive targets.
“If someone breaks into a law firm’s system, steals their sensitive client data and threatens to post it online, that law firm will have hard decisions to make,” Volynkin says.