Ransomware is getting a lot of attention these days. Its popularity makes sense: As noted by Ars Techinca, for example, ransomware phishing emails are now scraping LinkedIn and other sources for reliable data on employees and then shooting legitimate-looking email spears to companies around the world. Once infected, many businesses consider paying out and walking away since they can’t risk bad publicity or the loss of critical files.

Cybercriminals aren’t resting on their laurels. New ransomware incidents suggest that not only are bad guys stepping on the gas, but they’re also changing direction to increase their earnings.

Fast and Locked

Three years ago, ransomware was a niche market; brute-force hacks to grab point-of-sale (POS) data or disrupt corporate operations were the de facto standard. But increasingly sophisticated methods to conceal encryption code and prevent white-hat firms from disinfecting compromised computers, coupled with the massive scare factor of a locked-out device, conspired to make this particular brand of attack a lucrative endeavor. Now, ransomware is an industry unto itself, complete with market leaders, knock-off kits and even customer service.

According to CSO Online, companies are dealing with an influx of ransomware attacks. Security firm Stroz Friedberg saw three to four cases per week over the first quarter of 2016 spread across multiple industries. What’s more, the asking price is on the rise, prompting some companies to consider payment rather than remediation.

Prevention is the ideal defense, either through increased awareness of common tactics or improved detection systems that catch ransomware in its earliest stages. The problem? Malware-makers are changing targets.

Ransomware Incidents Start Fresh

Companies are familiar with common ransomware incidents. Often, legitmate-looking emails arrive in employee inboxes or users are victimized by drive-by downloads. But as noted by PCWorld, the bad guys are changing direction. Now, they’re taking a more direct route by targeting unpatched server-side software.

The threat is called Samsam, and it works like this: Attackers use Jexboss, a legitimate penetration tool, to exploit the JBoss enterprise application server. If they discover unpatched software, it’s possible to install ransomware code directly, in turn compromising all connected computers.

A recent ransomware incident asked for more than $18,500 in bitcoins after a successful Samsam attack. With most companies covering their bases for other, more familiar infection pathways, this innovative attack is a win-win for cybercriminals.

Ransomware is now an industry unto itself. Like any forward-thinking tech vertical, there’s big emphasis on speed and innovation; malware-makers are looking to ramp up their infection volume while also developing new and unexpected ways to slip past corporate defenses. For companies, this means it’s time to buckle up — 2016 may be a bumpy ride.

More from

How to Spot a Nefarious Cryptocurrency Platform

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

Are Threat Actors Using ChatGPT to Hack Your Network?

Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…

Why Crowdsourced Security is Devastating to Threat Actors

Almost every day, my spouse and I have a conversation about spam. Not the canned meat, but the number of unwelcomed emails and text messages we receive. He gets several nefarious text messages a day, while I maybe get one a week. Phishing emails come in waves — right now, I’m getting daily warnings that my AV software license is about to expire. Blocking or filtering has limited success and, as often as not, flags wanted rather than unwanted messages.…

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen. Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper…