Blog / Phishing versus Ransomware
Why phishing may overtake ransomware as attackers’ tactic of choice.
Over the last couple of years ransomware has been king of the malware hill and the attack that has increased the most in frequency, and considering the potential revenue it can generate, it’s not hard to understand why. But of course, businesses haven’t been particularly keen about turning over hundreds of thousands if not millions of dollars worth of ransoms over to hackers. In response, defenses against ransomware have improved. A lot. A few years ago, people didn’t care very much about backups; now they’re critical to business continuation plans. Monitoring for file encryption never even used to be a thing, let alone the regular practice it’s become. New defenses have been developed and the ones that were already available evolved rapidly in the face of a major threat. The result is that ransomware infections have not become more successful. In its place, phishing has become the hacker’s attack of choice.
Now I’m not saying that ransomware is no longer a problem because it absolutely still is. The point is that in response to the severe damage ransomware causes, the standards recommended for backups have changed substantially, and even technology. In fact, nowadays most malware scanners now include some form of ransomware detection. In some ways, ransomware was too effective for its own good and pushed businesses to find a way to stop it.
So why is phishing becoming so popular?
Most likely it’s the low barrier for entry. When it comes to phishing scams, all you really need is a way of sending emails, some basic knowledge of how email works and human behavior, and the willingness to exploit someone. The ability to send email can be handled by any number of cloud service providers and a small monthly subscription. The payout? A couple of emails could net you anywhere from a few hundred to a few hundred thousand dollars.
It’s easy to find articles about companies being successfully phished and loosing money, and these attacks are often accomplished with little to no effort by the attacker. Mix in the global reach of the internet and you have an attack that pretty much anyone anywhere can get into and be successful with.
If you’d like to discuss your business’s plans for dealing with phishing or ransomware attacks, feel free to contact a TRINUS cybersecurity expert and we’ll be happy to help out.
Shakespeare is full of memorable quotes and this one comes from The Taming of the Shrew: “In brief, sir, study what you most affect.”
Be kind, courtesy your friendly-neighbourhood cyberman.