Kaspersky Lab reckons the number one reason its customers call it for emergency help is ransomware – with WannaCry still playing a large part in detections picked up by the Russian company.
In its Incident Response Analytics report for 2018, published this week, Kaspersky said it had seen the infamous malware strain, which KO’d Britain’s National Health Service in May 2017, appearing in 40 per cent of its malware-related callouts from affected corporate customers.
GandCrab, the other name-grabbing ransomware of note at the moment, accounted for just 5 per cent of callouts, with Cryakl taking the number two spot at seven per cent of observed infections.
"In two out of three cases, investigation of incidents related to the detection of suspicious files or network activity revealed an actual attack on the customer's infrastructure," said Kaspersky.
Kaspersky split its corporate customers into three groups: financial institutions, governments and industrial companies. Banks and the like were much more likely to be targeted by advanced persistent threat (APT) actors, meaning well-resourced and highly organised hacking crews likely to be backed by a hostile state, with governments also – unsurprisingly – being targets of similar operations.
In contrast, businesses were most likely to be victims of so-called banker trojans, malware planted to intercept online banking information. As well as intercepting and recording keystrokes, passwords, clipboard pastes and the like, banker trojans can also employ anti-detection techniques.
Interestingly, Kaspersky reckons industrial companies are less likely than banks and governments to be struck with ransomware. While this may be cause for celebration among industry's security defenders, the Russian antivirus firm also said that a full third of compromises were caused by – you guessed it – "lack of security awareness among employees".
"Having a plan to defend and quickly respond to such attacks is no longer an option; it's a must, regardless of business type," concluded Kaspersky. "Along with a powerful auditing policy and a log retention period of at least six months to one year, developing guided procedures for proper handling of digital evidence will definitely help in faster and more complete analysis of incidents by experts. This results in quicker containment and reduces possible loss of assets, data or reputation."
The full report can be read on Kaspersky's Securelist website. ®