How Attractive is Your Business to Ransomware Gangs?

These days it seems like businesses from every sector are at risk of a ransomware attack, and it’s hard to determine exactly what type of business in what industry is a target that ransomware gangs may be interested in. Thinking that any business is too small to be on a ransomware outfit’s radar is a dangerous assumption -. No business is too small – 50% of ransomware attacks last year hit SMBs, and 55% hit businesses with fewer than 100 employees. But by taking a big picture look at how ransomware has grown and evolved in the last few years, IT professionals and businesses can get a handle on how much danger their organizations might be in and whether or not they’ve got what it takes to end up at the top of a cybercriminal’s shopping list

What Makes an Industry Attractive or Unattractive?
Ransomware groups aren’t too picky. Most gangs consider anything a target with very few exceptions, especially if that target has access to large amounts of valuable data. Ransomware practitioners know that they can make as much money or more off of selling a company’s data than they can off of just a ransom. That’s one of the major reasons why ransomware risk has been steadily climbing for the last two years. The booming dark web data markets are sending cybercriminals down paths that they haven’t traversed much in the past in order to make big data scores. Those paths sometimes also lead bad actors to data or access credentials that can be used to fuel future cyberattacks or slip into the systems of a larger organization.
Surprisingly, roughly half of the ransomware operators analyzed in a recent study of dark web forum posts were clear about their disinterest in pursuing ransomware attacks targets in the government, healthcare or education sectors. Attacks against infrastructure targets are unattractive too considering the fallout ransomware group DarkSide faced after the Colonial Pipeline attack. Infrastructure or government targets are traditionally the province of nation-state cybercriminals who also make frequent use of ransomware. Rumors began swirling in the media immediately that the Colonial pipeline attack was nation-state cybercrime. That’s one reason that the group was quick to throw the affiliate that conducted that attack under the bus but the damage was done, and the attack set the group up for scrutiny that ultimately caused it to shut down.

How Valuable is Your Data to a Ransomware Gang?
Ransomware groups are on the hunt for data constantly. According to an analysis in the Verizon/Ponemon Institute Data Breach Investigations Report 2021 (DBIR 2021), malware like ransomware was responsible for an estimated 30% of incidents that caused a violation of a company’s data storage integrity. Digging deeper, ransomware jumps to the top of the list again when considering reasons why a company lost control of or access to their data – 70% of data loss incidents in the study were the result of obscuration, a condition classification used in this report to indicate the result of a ransomware scenario where ransomware that encrypts a company’s data is installed and triggered successfully.
These data types were involved in the most breaches, making it the data that cybercriminals are most likely to steal from an organization.

Types of Data Stolen in Breaches

Approximated from DBIR 2021