Attack rates are dropping, but only to be replaced with more sophisticated and targeted assaults

Despite ransomware attack rates waning, Europol says a shift to tailored campaigns against business targets has ensured the malware holds the top spot in this year’s Internet Organized Crime Threat Assessment (IOCTA) report.



According to the European law enforcement body’s annual report, published today (Wednesday), attacks utilizing ransomware are now “more targeted, more profitable and cause greater economic damage”.

The 63-page IOCTA report says that since ransomware entered the spotlight in 2016 with global attacks like WannaCry and NotPetya, the malware has remained a “relatively easy income” for cybercriminals – offering a more stable return than banking trojans.

Ransomware notably locks and encrypts infected systems and files with the promise of returning functionality once a fee is paid.

Philipp Amann, the head of strategy of the European Cybercrime Centre (EC3), told attendees of this week’s Europol-Interpol cybercrime conference that ransomware was no longer focusing on “random individuals” but the European public and private sector instead.

More than 25 ransomware families are associated with currently documented campaigns, including variants of GandCrab, Locky, Dharma, and Curve-Tor-Bitcoin-Locker.

Increased consumer awareness and initiatives including the No More Ransom project are considered to be reasons for the decline in the scattergun approach to ransomware infections.

However, businesses remain at risk as, despite the increased labor and potential need for spear-phishing, “attackers are able to pitch the ransom for decrypting the victim’s files based on the victim’s perceived ability to pay,” the report says.

Coveware estimates that the average ransom payment levied against the enterprise increased by 184% in Q2 2019 to $36,295, in comparison to $12,762 in the first quarter.

Remote desktop protocols and phishing remain key infection vectors, as cited in last year’s IOCTA report.

The threat of sabotage and the permanent loss or erasure of company data are other factors keeping executives awake at night, this year’s report also suggests.

In addition, Europol says distributed denial-of-service (DDoS) attacks, the distribution of self-generated and child explicit material, and the abuse of cryptocurrencies and encrypted messaging systems are constant challenges for European law enforcement.

According to Amann, one positive change noted in this year’s report is the fragmentation of dark web markets, used to trade everything from illegal drugs to weaponry.

“I think it's fair to say we are partially responsible for that, but I wouldn't see this as a negative thing,” Amann said.

“The whole environment is in flux and there is a high level of distrust so criminals in that space are trying to find new ways to do their business.”