Skip to main content

Ransomware operators often purchase access to corporate networks

(Image credit: Image Credit: WK1003Mike / Shutterstock )

Cybercriminals that manage to break into corporate networks are rarely the ones to conduct ransomware attacks, new research from Proofpoint reveals. 

Instead, according to the security firm, “first-stage” attackers usually sell network access on the black market to other groups, who then deliver the malicious payload. What’s more, multiple groups often use the same malware to distribute their ransomware. 

“Cybercriminal threat groups already distributing banking malware or other trojans may also become part of a ransomware affiliate network,” the report explained.

With a market share of roughly 20 percent, banking trojans are the most widespread type of malware that victims encounter. The most common first-stage malware include The Trick, Dridex and Buer Loader, it was said. 

Looking forward, Proofpoint’s researchers believe ransomware will become less destructive, mostly due to government action. 

“In response to recent high-profile ransomware attacks, the United States government proposed new efforts to combat ransomware, and it was a hot topic at the 2021 G7 conference,” wrote Proofpoint.

“It is possible with new disruptive efforts focused on the threat and growing investments in cyber defense across supply chains, ransomware attacks will decrease in frequency and efficacy.”

While high-profile ransomware attacks often make headlines, that doesn't mean SMBs are not an interesting target for malicious actors. In fact, a recent report from Datto asserts that ransomware is a top threat for SMBs, resulting in loss of customers, reputational damage and huge fines. 

Experts are urging organizations of all sizes to educate their employees on the dangers of phishing, as that's the most common first step in a ransomware attack. Enabling two-factor authentication, as well as keeping systems and apps updated, can work wonders in the struggle against ransomware.