Once just a drop in the ocean of cybersecurity, ransomware in recent years has become a full-fledged industry, with operators running attack campaigns as-a-service, dividing responsibilities and sharing profits among different tiers.
Virtually every headline using the words “ransomware attack” deals in some way with the business world. Threat actors today are so profit-driven that they are almost entirely focused on large, lucrative enterprises, critical infrastructures and state institutions. But that doesn’t mean they’ll turn down smaller, easier targets if the opportunity arises.
Bitdefender works closely with law enforcement agencies to develop and distribute decryptors to ransomware victims worldwide, whether they are big businesses or regular Joes and Janes. Since the program’s inception in 2016, Bitdefender has helped victims save more than $100 million in ransom payments, and counting.
Our data shows that regular users are actively targeted by threat actors (indeed, disproportionally compared to the business sector) with at least three new strains of ransomware every month.
Strains are typically short-lived and get updated and rebranded before cyber defenders can take them on. Many of the remediation requests we get from users worldwide involve the most prolific consumer-oriented ransomware strain that consistently stands out in researchers’ data sets. Its name: STOP/Djvu.
Distributed worldwide since 2018 via social engineering, malicious installers, third-party downloaders, peer-to-peer networks, RDP exploits and other attack vectors, STOP/Djvu is your typical ransomware designed with one goal: to encrypt users’ data, rendering it inaccessible.
It also installs password-stealing malware, deletes Volume Shadow copies to block users’ attempts at restoring their files, and even blocks access to a long list of security vendors’ sites, preventing users from installing cyber defenses.
Needless to say, users stand little chance against STOP/Djvu if they don’t already have a security solution installed on their system before attackers target them.
Note: As a rule of thumb, even if your data ends up encrypted, you can still make backups of that data and decrypt it later, when / if a decryptor becomes available. Software engineers around the globe make it their mission to combat ransomware, so even if a decryptor isn’t available today for a particular ransomware strain, that may change tomorrow.
While attacks on big business involve hefty, million-dollar ransoms, campaigns focused on infecting regular users come with lesser demands, typically in the hundreds of dollars and rarely above $1,000. In the past few months, victims who came to us for help were asked to pay $800 on average.
These ‘affordable’ ransoms are meant to ensure that regular users can actually pay for the decryption ‘service.’ Victims often go down that route, desperate to regain their precious family photos and movies, music and film libraries, personal artistic work, and all kinds of important personal or financial data that may be lost forever.
Since many victims end up paying the ransom, attackers have a consistent flow of cash that not only makes operating STOP/Djvu feasible, but profitable too.
So, how do we defend against such a relentless cyber threat?
Malware authors will go to great lengths to cover their tracks and disable security defenses, or they completely evade detection with all-new malware that flies in the face of traditional signature-based antivirus tools.
Bitdefender engineers work tirelessly to train Machine Learning models to detect even the faintest signs of compromise by looking at the malware’s behavior – whether it’s ransomware or any other kind of advanced threat.
Bitdefender Total Security offers not one, but multiple layers of ransomware protection to make extra sure that users’ files are safe from encryption. In addition, users get multi-device protection compatible with Windows, iOS and Android in the most efficient anti-malware package available today, ranked high in independent tests year after year. Learn more at https://www.bitdefender.com/solutions/.
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.View all posts
May 16, 2023
March 10, 2023