Oct. 19 (UPI) -- Ransomware gangs, some capable of hijacking major computer systems in less than an hour, have emerged as the most common cybersecurity threat this year, according to a new report.
Cybercriminals have become so efficient at staging ransomware attacks that some skilled gangs need only 45 minutes between initial entry to a system and locking it down for ransom, Microsoft analysts said in their annual Digital Defense Report.
"This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets," Microsoft said.
"In addition to attacks becoming more sophisticated, threat actors are showing clear preferences for certain techniques, with notable shifts toward credential harvesting and ransomware, as well as an increasing focus on Internet of Things devices."
The rising sophistication of ransomware attacks has come in tandem with their booming popularity, which experts say has transformed the cybercrime environment in recent years.
Previously, mainly companies in certain industry sectors were regarded as likely cybercrime targets, usually because thieves saw the data their systems held as valuable for specific reasons.
Now, with the evolution of ransomware and the primary goal of extracting payment, the analysts say every business, organization and government is a potential target.
"Ransomware represents a major shift in this threat landscape, and it's made cyberattacks a very real and omnipresent danger for everyone," the report states.
"Encrypted and lost files and threatening ransom notes have now become the top-of-mind fear for most executive teams."
Microsoft said ransomware attacks were the prime reason for its incident response engagements between October 2019 and July.
Ransomware first gained widespread attention three years ago with the "WannaCry" attack, which was estimated to have affected more than 200,000 computers across 150 countries and was traced to North Korean hackers.
When compared to other prevalent types of computer threats like email "phishing" scams -- in which attackers entice recipients into revealing login credentials -- ransomware has emerged as the most dangerous and pernicious threat because it is directed by human operators, Microsoft analysts said.
Many victims who suddenly see "ransom notes" aren't aware they're dealing with an actual criminal in real time or don't recognize that immediate action is needed to avoid potential damage, the experts say. Adding to the problem, unlike email "phishing" and other mass-produced malware scams, ransomware hits are tailored to their targets.
Attackers frequently are aware of when their victims are most vulnerable and least able to upgrade security, such as on holidays, and when they may be more willing to pay a ransom rather than take downtime to bolster defenses.
In recent years, a record number of U.S. government systems, healthcare providers and educational institutions were targeted by ransomware gangs, with nearly 1,000 entities being successfully attacked at a cost estimated to be in the billions.
"In March 2018, the city of Atlanta was attacked and ransomware-encrypted servers made over one-third of the 424 citywide services inaccessible," Ken Durbin, senior cybersecurity strategist for antivirus software developer Symantec, told the House homeland security committee last year.
"The clean-up costs for the attack are expected to run to over $10 million."
In another attack, Colorado's transportation department spent $1.5 million after it was targeted. Two Florida cities that were attacked paid the ransom, which totaled a combined $1 million.
While the frequency and severity of ransomware attacks are skyrocketing, security threats revolving around the COVID-19 pandemic have not been as prevalent -- at least so far, Microsoft's threat assessment said.
While COVID-themed attacks represented only a fraction of the total malware Microsoft found during the 10-month study period, the experts said they show how hackers can quickly shift their motives as the landscape changes.
But in a cruel twist, Microsoft said global relief organizations, humanitarian aid groups and others involved in the response to the pandemic have been targeted by state-sponsored cybercriminals.
Microsoft says it observed 16 different nation-state actors who leveraged the crisis to "expand their credential theft and malware delivery tactics."