Diversionary Tactics: The Use of Ransomware as Misdirection

Companies today are seeing a disturbing trend when it comes to the most common attacks they are facing. Ransomware is on the rise and no OS is immune. In fact, most reports show that malware on Linux has tripled since 2015. According to the 2019 Malware Report from Cybersecurity Insiders, respondents ranging from technical executives to IT security practitioners from organizations of varying sizes, across multiple industries, offer clarity on what kinds of attacks their organizations are experiencing. The study found that 71% of respondents believe malware and ransomware will be a larger threat to organizations in the next 12 months, and 68% think malware and ransomware will be more frequent.

So, what best explains this increase and what is at stake with these ransomware attacks?

A Ransomware Threat You Haven’t Considered

One of the greatest threats of ransomware is its power to be used as a decoy. In fact, the use of ransomware as a tool for distraction dates back to 2015. By the end of 2016, a large number of targeted attack groups began adopting this method: using ransomware to get IT and security teams chasing potential infections while the attackers infiltrate the network and get what they are truly seeking. Even Linux systems aren’t immune to this type of ransomware threat. Back in 2017, KillDisk, malware used primarily for cyber-espionage, added decoy ransomware in a strain intended for use on Linux systems. When it comes to ransomware, it appears that everyone is at risk.

This approach causes considerable damage because it creates confusion among victims and often delays an effective response. While attackers are entering the system in another area, IT response teams are preoccupied with recovering from the initial ransomware attack: performing backup activities, shutting down offending systems, identifying internal ransomware procedures, and determining whether they should pay the ransom.

Even more telling, 28% of organizations today do not have an incident response team in place to detect, investigate, and contain malware or ransomware. And 51% of companies are not confident in their organization’s remediation ability after malware or ransomware locks or encrypts data within their systems. These days, many admins are not even surprised if a ransomware screen appears. They simply attempt to recover and reload. All the while, the true purpose of the attack could be taking place in the background, with threat actors already inside attacking the network.

What’s the Actual Target of These Ransomware Decoy Attacks?

According to the 2019 Malware Report, 77% of respondents believe financial gain is the main motivation for malware and ransomware attacks against organizations. In fact, ransomware costs now average approximately $13,000. While this is a fairly significant amount, there is something that is potentially more valuable and appealing: data. According to the study, security experts believe the following are most at risk from malware and ransomware attacks:

  1. Customer information (60%)
  2. Financial data (60%)
  3. Intellectual property (52%)
  4. Employee information (48%)


Who Is Behind These Attacks?

More than two-thirds of participants in the 2019 Malware Report study believe that organized cyber-criminals, like those who utilized KillDisk, are directly behind malware and ransomware attacks on their organization. However, this may not always be the case. Ransomware toolkits and services are readily available on the underground marketplace, often for very affordable prices. Other potential attackers include malicious insiders or individual threat actors looking to sell data for a high profit.

How Should Organizations Protect Against Ransomware as Decoys?

These types of ransomware attacks can seem downright overwhelming. But with a native endpoint antivirus solution, like Powertech Antivirus, you can manage your IT environment, and easily detect and remove ransomware, viruses, worms, Trojans and other complex malware. And you would be in good company. 86% of organizations say antivirus and endpoint security tools are how malware and ransomware are typically detected when they enter their organization.

Now, Make Sure You’re Ready

The increasing threat of decoy ransomware across nearly every OS, from Windows to Linux, should motivate you to be ready for whatever comes your way. The best way to do this is to leverage a solution that stays current with the latest threat actors. Powertech Antivirus scans a file’s code to identify typical traits of exploits to help you catch unknown malware before it causes damage, ensuring you’re one step ahead.