Ten years ago, ransomware actors mainly worked alone or in small groups, targeting home computer users through spam emails to encrypt personal files and demand relatively small amounts of cryptocurrency for their safe return.
Today, many ransomware gangs operate like legitimate businesses, boasting hundreds of staff, targeting some of the world’s largest organizations, and collecting millions of dollars in ransom payments. However, some ransomware attackers are beginning to focus on individual users.
This is a growing trend. A recent report from Chainalysis found that payments to ransomware gangs under $1000 increased significantly throughout 2022/23, with gangs like Dharma and Djvu receiving average ransom payment sizes of just $265 and $619, respectively. But what’s driving this trend? And how can individuals protect themselves?
Why are Individuals Being Targeted?
Ransomware attackers are turning their attention away from prominent organizations and towards individuals for several reasons. Perhaps the most important is that large organizations have broadly cottoned on to the ransomware threat: watching the likes of Royal Mail, the City of Dallas, and MGM Casinos, to name a few, fall afoul of ransomware attacks in 2023 alone is bound to motivate big businesses to bolster their defenses. As such, although larger organizations are undoubtedly a lucrative target, a successful attack is becoming much more challenging to pull off.
Individual users, however, are usually easy prey. While they are unlikely to yield the enormous rewards big businesses can, they are much easier to attack. Individual users often lack the advanced security measures organizations have—robust antivirus software, firewalls, or regular security updates, for example—or practice poor cyber hygiene, using weak passwords or failing to keep up with the latest phishing attacks.
Because individual users are easier to attack, ransomware gangs can launch attack campaigns on a much larger scale. The sheer number of individual users and personal devices globally creates a vast pool of potential victims. This volume can result in significant profits for ransomware gangs even with smaller ransom demands.
Moreover, individuals are often much easier to extort than organizations. Ransomware attacks on individuals usually have a direct and immediate impact on their personal lives, including the loss of personal photos, documents, and financial records, which motivates them to comply with ransom demands. Similarly, individuals are more prone to panic and less aware than organizations of other ways to retrieve locked data, such as decryption tools.
Attacks on individuals also present a lower risk for attackers. While some ransomware gangs – like many criminals – seem to relish the spotlight, it’s much better to fly under the radar. Attacks on individuals often attract less attention from law enforcement than large-scale attacks on corporations or government entities. This lower visibility reduces the risk of investigation and prosecution for the attackers.
The rise of Ransomware-as-a-Service (RaaS) platforms has made it easier for less technically skilled cybercriminals to launch ransomware attacks. These platforms provide ready-to-use ransomware kits and infrastructure, enabling more attackers to target individuals. RaaS typically operates on an affiliate model, where developers offer the tools in exchange for a cut of the ransom payments. This model incentivizes affiliates to target as many victims as possible, including individuals.
How can Individuals Protect Themselves from Ransomware?
Protecting yourself from ransomware is easier than you might think. Here are some best practices that will protect you from most ransomware attacks. Remember, ransomware gangs look for easy prey, so practicing basic cyber hygiene will ward off most attackers.
- Regularly back up important data to an external drive or cloud service, ensuring these backups are disconnected from your primary device to avoid infection. Maintain multiple copies in different locations for added security.
- Install and maintain up-to-date antivirus and anti-malware software, enable your firewall to block unauthorized access, and regularly update your operating system and applications to patch security vulnerabilities.
- Use strong, unique passwords for all accounts, and consider a password manager to store them securely. Enable multi-factor authentication (MFA) wherever possible to provide an additional layer of security.
- Be cautious with emails and links. Avoid interacting with unsolicited emails and verify the sender’s identity. Hover over links to confirm their legitimacy before clicking.
- Secure your network using a strong Wi-Fi password and enable WPA3 encryption if available. Disable unused network services to minimize vulnerabilities.
- Use a standard user account rather than an administrator account for everyday activities, and review application permissions to ensure they are necessary and minimal.
- Stay informed about ransomware threats and educate family members about safe online practices. Use ad blockers to avoid malicious ads and ensure websites use HTTPS for secure data transmission.
However, even with these measures, there’s always a chance of falling victim to a ransomware gang. As such, you must prepare for this eventuality by developing an incident response plan that includes disconnecting your device, contacting authorities, and restoring data from backups. It’s also crucial to understand that paying a ransom doesn’t guarantee data recovery and may encourage further attacks: familiarize yourself with ransomware decryption tools and regularly audit your cybersecurity measures to address any weaknesses.
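As an added illustration of the backup advice and the restore step above (not part of the original article): a Python check that compares live files against the manifest of the last backup before that backup is overwritten, so a routine backup job does not replace good copies with encrypted ones. The function names, the 30% change limit, and the 7.5 bits-per-byte entropy threshold are assumptions chosen for this example.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def build_manifest(root):
    """Map each file's relative path to its SHA-256; store it with the backup."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def byte_entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8, empty input gives 0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pre_backup_check(root, last_manifest, max_changed=0.3, entropy_limit=7.5):
    """Compare live files with the last backup's manifest before overwriting it."""
    current = build_manifest(root)
    changed = [p for p, h in last_manifest.items() if current.get(p, h) != h]
    missing = [p for p in last_manifest if p not in current]  # deleted or renamed
    # Only the first 64 KiB of each changed file is sampled for entropy.
    suspicious = [p for p in changed
                  if byte_entropy((Path(root) / p).read_bytes()[:65536]) > entropy_limit]
    ratio = (len(changed) + len(missing)) / max(len(last_manifest), 1)
    return {"changed": changed, "missing": missing, "suspicious": suspicious,
            "safe_to_backup": ratio <= max_changed and not suspicious}


def demo():
    """Constructed sample: ten text files, then eight replaced by random bytes."""
    with tempfile.TemporaryDirectory() as d:
        for i in range(10):
            (Path(d) / f"doc{i}.txt").write_text(f"holiday notes {i}\n" * 200)
        manifest = build_manifest(d)
        before = pre_backup_check(d, manifest)
        for i in range(8):  # stand-in for files that were encrypted in place
            (Path(d) / f"doc{i}.txt").write_bytes(os.urandom(4096))
        after = pre_backup_check(d, manifest)
    return before, after


if __name__ == "__main__":
    print([result["safe_to_backup"] for result in demo()])
```

Compressed formats such as JPEG and ZIP are already high-entropy, so a flagged file is a prompt to inspect it before backing up, not proof of encryption. Keep the manifest with the disconnected backup so it cannot be altered from the primary device.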
Conclusion
Ransomware gangs are increasingly targeting individuals. We need to do more to slow down this trend and protect ourselves. Individuals can ward off most ransomware attacks by implementing basic cybersecurity measures, such as keeping up with phishing scams and using strong, unique passwords for all accounts. Stay alert, stay vigilant, and stay safe.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.