Ransomware Trends in 2019

Ransomware is more damaging than traditional computer malware since it not only infects devices but also encrypts data. A ransom is then demanded in exchange for a decryption key that restores access to the data. But in many cases, the decryption keys provided don’t work. It’s no wonder the FBI recommends not to pay ransoms.

Hackers are constantly evolving their methods, and 2019 was no exception. Rather than just encrypt the data on infected devices, ransomware authors have started to target resources beyond the devices themselves tenable. For example, files on servers might be encrypted if an infected PC  has access. stop ransomware spreading via ad can enumerate mapped drives and the availability of file shares on the network.

Some hackers go even further by selling sensitive data. There have also been cases of hackers wiping data but still demanding a ransom. Compared to the final quarter of 2018, the average ransom paid increased by 89%.

Local governments in the U.S. have been hit hard by ransomware spreading via ad, including Baltimore, Delaware, and Kentucky. Instead of rebuilding their systems, some chose to pay ransoms against FBI advice. Doing so fueled criminals’ incentive to double down.

Ransomware Spreads via Active Directory

The last couple of years have seen ransomware like LockerGoga and Samas omitting a spreader. Malware usually includes a means of propagating itself from an initial infected device to other devices on the same network. But instead of writing and testing the extra code, which may be prone to failure, hackers are leveraging a mechanism that is already present in most organizations: Active Directory

To read full download the whitepaper:


Leave a Reply

Your email address will not be published. Required fields are marked *