The State of Ransomware 2020: Key findings from Sophos & Malwarebytes


Ransomware has become one of the most common and well-known threats to cybersecurity. 2020 saw a notable increase in ransomware attacks specifically on enterprise entities, as many organizations found themselves in the crosshairs of malicious actors. These attacks are becoming increasingly complex, as cybercriminals leverage new and sophisticated techniques to exploit computers and systems. The questions now are how successful the file-locking malware is in achieving its goals and how paying the ransom impacts the overall remediation cost. 

This article will detail some key findings from Sophos’ “The State of Ransomware 2020” and Malwarebytes’ 2020 “State of Malware” reports, which offer brand-new insight into recent ransomware attacks and uncover the impact of fulfilling threat actors’ demands on overall recovery costs. But before we look at the findings, let’s quickly explore the definition of a ransomware attack to ensure you’re aware of the different attack vectors. 

What is a ransomware attack?

Ransomware is a type of malware that seizes control of your computer by encrypting its files so that you can no longer access them normally. It typically spreads through malicious emails that ask you to download an attachment; when you do, the download launches a program that infects your system. Besides email, infection can also come from malicious ads on compromised websites and from drive-by downloads that exploit endpoints to infect entire networks. Advanced infection via remote desktop services is also possible.

After infecting a system, the ransomware locks every data file it can find, using strong encryption. It then displays a note demanding a ransom (typically payable in cryptocurrency) to decrypt the files and restore access to the affected system. Security experts, however, warn that paying the ransom does not guarantee that you will get the unlock tool or decryption key needed to (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Dan Virgillito. Read the original post at: