Black Hat Ransomware infections may be down, but only because attackers are getting better at targeting them.
This is according to a report from Malwarebytes, whose team said that when it comes to crimeware figures, numbers can be deceiving.
Speaking to El Reg ahead of the 2019 Black Hat conference, Malwarebytes Labs director Adam Kujawa said that, while instances of consumer ransomware infections are down 25 per cent over the last year, attacks on businesses are skyrocketing, up a whopping 235 per cent over the same period.
Overall, the numbers would show that ransomware numbers have fallen. After peaking at more than 5.7 million total detections in August of 2018, just over 3 million attacks by lockup malware were detected in June 2019.
This is not, however, because criminals are losing interest in using ransomware. Rather, they are getting a much better return from fewer attempts on higher-value targets: namely, enterprises.
Rather than simply trying to spray out as many spam messages or fake ads as possible in an attempt to get users to download their ransomware and generate a quick payout, Kujawa said that criminals have found there is more money in targeting specific companies and trying to conceal their nefarious activities until they can lock up the most valuable data with the best chance of a payout.
As with other types of cybercrime, part of the change is due to growing sophistication among the attackers themselves.
"You realise 'I can break into a network the same way everyone else is and then be able to laterally move throughout the network'," Kujawa said.
"I drop ransomware, encrypt everything at once, then make away like a bandit."
Recent attacks on governments and large enterprises have shown just how efficient and lucrative this strategy can be as a single organisation will shell out tens of thousands just to get back data from a single ransomware outbreak.
What's more, Kujawa said that businesses can also be easier to infect with ransomware than consumer PCs. While most home users know better than to open attachments in unsolicited emails or download files from untrusted sources, employees on work PCs can at times be far more reckless in their behavior, making it easy to infect a single machine and then use that as the entry point into the network.
"While consumers may be more prepared now," Kujawa mused, "it seems like a lot of organisations never learned." ®