A new study by Emsisoft confirms the cybercrime trend toward increasingly targeted ransomware attacks. The most common ransomware strain in Q2 and Q3 of this year was STOP (aka djvu), accounting for 56% of attacks. STOP often masquerades as an app for obtaining paid software for free. It mostly spreads via torrent sites, so it reaches individual users through generic campaigns rather than targeting organizations. However, the other ransomware strains completing the top five are all used in targeted attacks. These are Dharma (12%), Phobos (8.90%), GlobeImposter 2.0 (6.50%) and REvil / Sodinokibi (4.50%).
While Ryuk ransomware did not crack the top 10, this highly targeted ransomware netted the threat actors behind it over $1M in ransom payouts from two attacks on cities in Florida earlier this year. Riviera Beach paid $600,000 to the attackers and Lake City paid $450,000. Ryuk also targeted several other government entities in this period. Emsisoft CTO Fabian Wosar stressed that “while the total number of ransomware attacks has declined, there has been a significant increase in the number of high-impact attacks targeting companies and public entities.”
Read more: Targeted Ransomware Attacks Show No Signs of Abating