The FBI has issued a public service announcement entitled “High Impact Ransomware Attacks Threaten US Businesses and Organizations.” While the announcement doesn’t provide any details of specific attacks, the Bureau warns in the announcement:
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminant ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 [the Internet Crime Complaint Center] and FBI case information.
This pronouncement will come as no surprise to anyone who’s followed the wide-ranging ransomware attacks against cities, counties, state agencies, and school districts over the course of 2019. While some of the most publicized attacks—such as the Baltimore City “RobbinHood” attack in May—have appeared to be opportunistic, many more have been more sophisticated and targeted. And these attacks are but the most visible part of an upsurge in digital crime seen by commercial information security firms thus far in 2019. In fact, sophisticated criminal attacks have nearly fully eclipsed state actors’ activity—despite there not being any reduction in state-sponsored attacks.
Data from CrowdStrike has shown a rise in what the firm refers to as “big-game hunting” over the past 18 months. These attacks focus on high-value data or assets within organizations that are especially sensitive to downtime—so the motivation to pay a ransom is consequently very high.