Last week Malwarebytes released a report called Cybercrime Tactics and Techniques: Ransomware Retrospective in which they reveal how ransomware attacks have evolved over the past couple of years.
Ransomware initially made a name for itself in the consumer space, with malware delivered through phishing emails to unsuspecting victims. The malware then encrypts part or all of a device and demands a ransom to decrypt the data. Recently, however, ransomware has taken more of a back seat among cybercriminals targeting consumers, as other attacks have become more popular. This year it has been rediscovered, but with businesses rather than consumers in the cybercriminals' sights.
According to the report, attackers are switching from targeting large numbers of consumers to specifically identifying businesses that they believe they can extract more money from. The report shows that the detection of ransomware in businesses rose 365%, while detection of consumer attacks decreased 12%. Many businesses leave themselves wide open to this sort of cyberattack by having poor security or a weak infrastructure. This allows attackers to encrypt critical data that a business requires in order to run daily operations, and they can then demand higher ransoms.
In the report, Malwarebytes explains what they think the reason behind the shift is:
Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft. Encrypting sensitive proprietary data on any number of endpoints allows cybercriminals to put forth much larger ransom demands while gaining an exponentially higher chance of getting paid.
The report notes that it’s likely the attackers will continue to target specific businesses over consumers, making it more important than ever to ensure your business has the necessary policies, procedures and infrastructure in place.