New data shows that file-less malware attacks are now the majority of all attacks this year, and ransomware grows to a whopping 5 billion industry.Fileless malware attacks using PowerShell or Windows Management Instrumentation (WMI) as their attack vector accounted for 52% of all attacks this year, beating out disk-based attacks for the first time, according to Cybersecurity Ventures 2017 Ransomware Damage Report.
"Attackers will use whatever is the cheapest and most effective method," says Rick McElroy, security strategist for Carbon Black, explaining the shift to file-less malware from attacks that rely on dropping malware to disk.
Fileless malware attacks, also known as in-memory exploits allow the bad guys to skip steps like creating a payload to drop onto your users' workstation. Instead, attackers use trusted tools native to the OS like PowerShell and WMI to exploit access, as well as Web browsers and Office applications.
Ransomware soared to a $5 billion industry this year, up from $850 million in the previous year, according to the report. "Both the volume of attacks and amount per attack were up," McElroy says. "But it was also the crazy value of Bitcoin that increased it to $5 billion."
Financial organizations, higher-education institutions, and healthcare, manufacturing, and technology companies, are some of the industries that have been hit this year with targeted ransomware campaigns.
Carbon Black's McElroy says ransomware authors are also expected to increasingly focus on Linux systems, because that is the operating system used by a large percentage of enterprises.
Source: DarkReading
Free Ransomware Simulator Tool
How vulnerable is your network against a ransomware attack?
Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?
KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 13 infection scenarios and show you if a workstation is vulnerable to ransomware infection.
