Ransomware Increasingly Used for Targeted Attacks

The latest ESET Threat Report reveals that cybercriminals specialized in 2020: ransomware attacks are now deployed for targeted assaults against enterprises – and their underlying infrastructure. Meanwhile, the volume of spam and phishing emails referencing the coronavirus pandemic surged markedly in the report covering Q4 2020.

Cybercrime underwent significant specialization in 2020 – a key conclusion from ESET’s newly published Threat Report for Q4 2020. The European IT security vendor’s experts use this final report of the year not only to reflect on 2020 as a whole but also to preview trends expected in 2021. One standout finding: ransomware is increasingly weaponized for precise, high-impact attacks against organizations – while its use in broad, indiscriminate mass campaigns continues to decline. Banking malware, meanwhile, has moved decisively into the mobile arena. As more users conduct financial transactions via smartphones or tablets, cybercriminals have followed suit – intensifying their focus on Android-based threats. In Q4 alone, numerous spam and phishing emails tied to the pandemic and the rollout of vaccines flooded inboxes. The full ESET Threat Report is available on WeliveSecurity.

Targeted Ransomware Attacks

From Q3 to Q4 2020, ransomware detections in ESET’s telemetry dropped by 3.9 percent. Cybercriminals are deploying encryption trojans less frequently in large-scale, scattergun campaigns – and instead tailoring them for highly focused operations. Enterprises bore the brunt of this shift. A prominent example was the successful attack on a German media company late last year.

Countries with the highest observed ransomware activity. Source: ESET Threat Report Q4 2020

Mobile Banking Malware on the Rise

Digital banking and online shopping have become immensely popular on smartphones and tablets. According to a recent Bitkom survey, 58 percent of private users now rely on their smartphones for online banking – a figure steadily climbing. While Windows-targeted banking malware has declined, cybercriminals significantly ramped up their Android-focused malicious code activities starting in Q3.

Fraudsters Promise Vaccination Access

2020 was defined by the coronavirus pandemic – and cybercriminals seized the moment, flooding inboxes with massive volumes of pandemic-themed spam and phishing emails. Through mid-year, these messages often peddled fake face masks; by Q4, the scam shifted to fraudulent vaccine access promises. This theme spiked in email traffic by roughly 50 percent. Pfizer-BioNTech’s name also surfaced frequently in deceptive subject lines such as “Pfizer’s Covid Vaccine: 11 Things you need to know.”

The ESET Threat Report for Q4 2020 is available on WeliveSecurity. Beyond extensive statistics on current cyber threats, ESET’s researchers detail the activities of various advanced persistent threat (APT) groups – including Lazarus and Winnti.

Key Facts

Cost per incident: A successful phishing attack costs enterprises an average of €4.76 million.

Social engineering: 98 percent of all cyberattacks leverage at least one form of social engineering.

Frequently Asked Questions

What should you do first during a ransomware attack?

Immediately isolate affected systems from the network, activate your IT emergency response plan, and engage your incident response team. Under no circumstances pay the ransom hastily – according to the BSI (Federal Office for Information Security), doing so increases the likelihood of further attacks.

Does backup reliably protect against ransomware?

Only if backups are stored offline or within an isolated network. Modern ransomware actively hunts down backup systems and encrypts them too. The 3-2-1 rule – three copies, two different media types, one offsite – is the absolute minimum standard.

Should you pay the ransom?

Both the BSI and the German Federal Criminal Police Office (BKA) strongly advise against it. Paying funds criminal infrastructure and offers no guarantee of decryption. According to Cybereason, 77 percent of those who paid were attacked again. Instead: file a formal police report and engage professional incident response services.

Related Articles

• Ransomware 2026: Incident Response in the First 60 Minutes
• MOVEit Attack 2023: Lessons from This Year’s Largest Supply-Chain Hack
• Ransomware Attacks – What They Look Like From the Victim’s Perspective

Header Image Source: iStock / PeopleImages

Fact: According to the Verizon Data Breach Investigations Report (DBIR), compromised remote access (RDP/VPN) is the most common initial entry vector for ransomware.

Fact: Per Sophos, the average downtime following a ransomware attack is 23 days.

TL;DR

• The latest ESET Threat Report shows cybercriminals specialized in 2020: ransomware attacks are now deployed for targeted assaults against enterprises – and their underlying infrastructure.
• Targeted ransomware attacks: From Q3 to Q4 2020, ransomware detections in ESET’s telemetry fell by 3.9 percent.
• According to a recent Bitkom survey, 58 percent of private users conduct online banking via smartphone – a trend on the rise.
• The number of spam and phishing emails referencing the coronavirus pandemic rose sharply in the Q4 2020 report.

About the author: Tobias Massow

More articles by Tobias Massow