Is it Ransomware with a shotgun approach?
A shotgun approach means the attackers are sending ransomware attacks to many computers – not picking their targets, only spreading out to whatever computer will answer a certain defense profile.
Or ransomware that is targeted to specific industries?
Will the ransomware attacker pick on a specific industry that seems to be more vulnerable – or at least will more likely pay to recover their data?
Take a look at this Fireeye blogpost image:
The organized crime people are busy trying to design methods to make the most money using their most efficient means.
So this means that any factory that needs to run 24hr’s will have to be especially on guard. Any company or entity that has previously paid ransomware quickly is going to be laser-focused by the criminals. I.e. if it worked last year let’s focus on them!
So what worked last year?
There were more than 70 local governments that got ransomware. cnet article.
Atlanta: $2.6 million to restore instead of pay $52k on the ransomware
so then others paid the ransomware criminals:
Small hospitals got hit as well(WSJ article): Campbell County health system – a 90bed community hospital was forced to cancel services. it was not apparent whether the hospital paid the ransom – it seems they restored from backuop
This is an interesting quote from article:
“Health organizations are an attractive target for cybercrime thanks to their valuable medical and billing information, said Jennifer Barr, a health-care analyst at Moody’s Corp.”
Notice the higher costs in health care, financial services, then the others as well.
Health care is very likely going to stay a high target and will be at high risk.
If you do not have a current security policy with inventory, and teaching employees about phishing you are not doing anything to reduce your risk.
Risk can be reduced without a large dollar outlay.