Outside attackers still the biggest problem – except in healthcare.
The 2018 DBIR is the 11th edition of the report, and includes data not only from forensic investigations conducted by Verizon, but also 67 contributing organizations. In total, the report covers analysis on over 53,000 incidents and 2,216 breaches from 65 countries.
Ransomware was found in 39% of the malware-related cases covered in the report. Dave Hylender, Verizon senior network analyst and co-author of the report, says he was “a bit surprised” at an explosion of that magnitude.
The type of targets is changing as well. “When we first started seeing [ransomware], it was smaller organizations, one desktop, one laptop,” says Hylender. “Now it’s more widespread and affecting critical systems,” including servers.
Further, attackers are using ransomware for more than collecting ransom payments. They’re also employing ransomware to distract, disrupt, or destroy – as part of a multi-pronged attacks or a ransomworm like NotPetya, for example.
“There are a lot of things that are going under the guise of ransomware,” says Hylender. He cites an example in which an attacker requested payment, but made it almost impossible for themselves to decrypt the data even if they receiveed the payment; the goal was definitely to disrupt or wipe data.
“I think [ransomware] is growing because it’s continuing to work, but that kind of attack is [also] one of the reasons it’s growing,” he says.