parallax circle item parallax circle item parallax circle item
Insights & Blogs

The rise of ransomware - 2019 update


In the two years since I wrote an article on ransomware, this issue has continued to plague individuals and companies worldwide.

So, what’s new in 2019?

WannaCry is still launching 3,500 successful attacks per hour
- Source:

The good news is that perimeter and endpoint protection created to combat these threats has become more common and more sophisticated but sadly so have the ransomware attacks.

WannaCry, one of the most notorious ransomware cryptoworms, continues to create worldwide damage years after their most notorious worldwide cyberattack of May 2017. Wannacry is still responsible for 3,500 successful attacks per hour according to research published by security firm Armis this May, noting that "a single WannaCry infected device can be used by hackers to breach your entire network."

Where is ransomware heading?

An interesting article from Recorded Future outlines four interesting trends of 2019:

  1. The ransomware market will continue to grow, but few campaigns will have impact
  2. Successful ransomware campaigns will continue to rely on open RDP
  3. GrandCrab bucks the trend# 1 and #2 above, and somehow be successful
  4. Nation-States and cybercriminals will continue to blend ransomware attacks

Ransomware attacks on businesses are still on the rise but the growth has slowed significantly. A recent Malwarebytes report found overall business detections of malware rose by 79% over the last year while ransomware detections in the business world only rose by 9%.

Business detections of malware rose by 79% over 2018
- Source:

Specific families of ransomware are still on the rise. Malwarebytes has found a sharp increase in Troldesh ransomware, also known as “Shade." between Q4 2018 and Q1 2019. Other big players from this period to watch out for are SamSam and GrandCrab.

The data shows that Ransomware is losing ground to other malicious activity such as Cryptojacking which is malicious mining of cryptocurrency. As defined by Enterprise Times in Cryptojacking 101, “the crooks get code onto your devices without your permission to mine for cryptocurrency using your equipment and your resources.”

How to combat ransomware

It is increasingly important to have the right policies and tools to prevent, detect and respond to cybersecurity threats. The focus of this blog is about the change in trends in ransomware, rather than selecting a tool to combat it as the latter topic is worthy of an entire blog. I can , however, offer some general advice on the subject.

Cryptojacking surged by 450% over the course of 2018
- Source:

Sophos released a valuable report Standing Up to Cryptojacking:

Best Practices for Fighting Back that is worth reviewing for information on this growing threat. In short, they recommend a layered approach similar to protecting against ransomware. The risks and methods of protection remain the same so check out my original article for a quick refresher.

There is no single solution to suit all businesses. You must strike a balance between security, cost and usability that is right for your organisation. In order to do this, you must understand what you’re trying to protect and define your requirements. Questions to ask include; What is your BYOD policy? Do you have many mobile workers? Do you plan to protect smartphones? Do you have a hybrid on-prem/cloud environment? Do you need to integrate with other existing security tools? Are you looking for one solution to protect both your user devices and servers?

When shortlisting vendors, look for a solution that:

  • Rates well in independent tests for real-time protection
  • Has a small footprint on protected devices
  • Includes centralised management and alerting
  • Has proven “next-generation” protection with behaviour analysis, learning, forensics and analytics, ransomware protection and threat intelligence.

In short, there is no one-size-fits-all solution. Sandfield can help you check you have the correct level of protection in place to suit your risk profile.

Many ransomware attacks use phishing as the method of infiltration. Watch this space for my next blog post on How to Spot a Malicious Email.

profile picture of Justin Knight

Posted by Justin Knight

Justin Knight leads the Infrastructure team and has been with Sandfield for 11 years. Justin enjoys designing robust solutions to host and deliver our customers applications and watching the team learn and grow with the ever-changing IT landscape.

Outside of work Justin is usually busy working with his family on their little farm, planting trees, raising animals and enjoying the produce from their land. Playtime often involves kayaking or swimming at the local beaches and estuary or walking and mountain biking through the forests around Northland.

Follow us for the latest insights

More Articles