2020 seemed to point to ransomware continuing to grow in devastation and cost; Ryuk reached a $34 million ransom payout, organizations were operationally brought to their knees by many of the prominent ransomware families, and the “as-a-Service” market for various parts of ransomware attacks – including the publishing of exfiltrated data – grew in interest.
But new data from security vendor Coveware in their Q4 2020 Quarterly Ransomware Report shows that phishing is now the prominent ransomware attack vector, as potential victims are now preventing RDP compromise.
According to the report:
Coveware speculates this decline in payment amounts is due to organizations' ability to better recover their locked environment. And with Coveware seeing that exfiltrated data doesn’t appear to be credibly destroyed by the cybercriminal (and instead appears to end up in the hands of multiple parties, implying it’s been sold on the dark web), there is less emphasis on the option to pay the ransom and stop the publishing of the stolen data.
Phishing took over from RDP as the top overall initial attack vector, with the top attack vector varying between ransomware families. RDP picked up steam during the pandemic as many organizations sought to quickly provide remote access to their now-remote workforce. Phishing has moved up as the quickest route to get malicious code into an organization and in front of an unwitting victim user.
If you haven’t heard it yet: stop using Internet-facing RDP. Changing the ports isn’t enough; it’s time to pick another, more secure technology. And for phishing, many ransomware attacks continue to make it through your email filters. You need to block attacks that have made it into your users' inboxes. Turn your users into a strong human firewall with new-school security awareness training and enable your users to make smart security decisions every day.