More than 100,000 enterprise IT email and collaboration accounts are compromised every day via phishing attacks. The goal of these phishing attacks is to insert Ransomware in the enterprise network as cyber criminals, scammers, look to exploit stolen credentials as quickly as possible to get access to the company’s critical information and financial assets. These compromised accounts are then manually accessed within 12 hours of the username and password being leaked on the dark web.
Ransomware operates because of malicious unauthorized access to enterprise applications, and ultimately locks up a user’s data. Scammers typically demand money in order to get a key to unlock or return the affected service and/or data. Recent ransomware payments help other malicious groups consider additional efforts to exploit both voice and data systems since owners show willingness to capitulate to ransom demands and pay millions in funds.
Ransomware attacks have become so prevalent that ransomware-as-a-service platforms have enabled virtually anyone who has dark web access and a bitcoin wallet to become a ransomware operator. Another area of concern is that some scammers are now making a common practice to exfiltration a significant amount of data before they do the ransom execution. And have full access to the enterprise’s financials. Scammers can literally paste screenshots of their QuickBooks. Some scammers, known as “string alongs”, will encrypt two or three keys and sell one key, not release the ransomware and then extort the enterprise again for the next key.