Target Ransomware Attack

Who are the main targets of ransomware attacks?

Our ransomware report, ransomware: The true cost to business, 81% indicated that they are very or extremely concerned about ransomware attacks. This is not surprising given the increasing ransomware threat.

According to the FBI’s Internet Crime Complaint Center, ransomware’s losses are expected to exceed $20 billion by 2021. This is 225% more than the previous year, according to IC3.


Ransomware is a threat type, which means that not all attacks can be considered the same. Ransomware does not always involve encryption. Some ransomware variants employ locking techniques to block victims from accessing their devices until they pay a ransom. Some use encryption to make victims’ files inaccessible until they pay a ransom.

Some differences can be used to divide targeted and opportunistic ransomware attacks. You can find enough kits to do-it-yourself ransomware on the dark internet for script kids to distribute ransomware via “spray-and-pray” tactics. This is where the idea lies: send as many enticements as possible to malicious crypto-malware payment loads to make these opportunistic hackers a profit.

They aren’t targeting specific targets with their ransomware attacks. They are betting on the fact that some organizations will be negligent in their backup and recovery hygiene, and that their threat detection strategy is limited to traditional anti-virus solutions. This makes it difficult for them to effectively defend against ransomware attacks.

Targeted ransomware attacks or RansomOps attacks are a different story. These campaigns are not carried out by low-skilled people. These attackers are skilled in sophisticated operations, which include extensive reconnaissance of the target to customize their attack sequences. This can lead to more devastating and effective outcomes.

Targeted RansomOps attacks don’t aim to target a large number of victims. The objective is to select a targeted target, usually in sensitive industries like critical infrastructure providers. Targets are also chosen based on their willingness to pay a large ransom demand. To get their victims, the attackers employ more sophisticated tactics such as privilege escalation or lateral movement on a network – similar to an APT group.


RansomOps targeted attacks have been more common in recent years than ever before. Let’s take the education sector for example. According to CBS News schools are the most common targets for ransomware attacks. This is because many educators’ staff and students are not trained to spot phishing emails, malicious URLs, and other digital threats. These organizations often rely on public funding which fluctuates from year to year, making it difficult to invest in security measures that are consistent year after year.

The industrial sector is another. Security researchers discovered that ransomware attacks were a problem in almost all industries, according to a report by ZDNet. However, almost a third of all ransomware incidents in 2020 were attributed to the services and industrial goods sector (29%)

This is a reflection of the dependence industrial organizations have on their physical processes. The disruption of these entities’ production systems could pose a threat to national security and/or public safety. Ransomware attackers know this and interpret it as an obligation on industrial victims to pay ransomware demands as soon as possible to restore normal operations.

Healthcare is no exception. This sector requires access to patient data to deliver life-saving treatment and other medical attention. They are therefore under greater pressure to pay ransom demands. While ransomware groups may have exploited this position in the past to attack healthcare organizations, TechRepublic has noted that other ransomware gangs have promised not to attack healthcare targets.


It’s striking that ransomware attacks can affect different industries in different ways. Respondents to our survey were asked if they had suffered revenue losses as a result of ransomware attacks. 64% responded that they had. This is in contrast to the approximately half of companies that reported revenue loss in other industries like legal.

There is also the percentage of ransomware victims who report job losses. Half of the legal organizations reported that they suffered these consequences. However, this was only 29% and 24% respectively for manufacturing entities.


There is one thing that’s certain in all these industries: Organizations need to be proactive about defending against ransomware attacks. They can do this by investing in multi-layer anti-ransomware solutions that use behavioral-based detection to disrupt the RansomOps attack.

Cybereason Operation -Centric means that there is no data filtering. It can detect ransomware earlier than others thanks to its multi-layered prevention, detection, and response.

  • Anti Ransomware Prevention and Deception: Cybereason employs a combination of behavioral detections and deception techniques to uncover the most sophisticated ransomware threats. The attack is stopped before any critical data can be encrypted.
  • Intelligence-Based-Antivirus: Cybereason Block known ransomware variants by leveraging an ever-growing pool of threat intelligence based upon previously detected attacks.
  • NGAV The Cybereason NAV is powered by machine learning. It recognizes malicious code and blocks unknown ransomware variants before execution.
  • Fileless Ransomware Security: Cybereason protects against attacks that use fileless and MBR ransomware, which traditional antivirus tools cannot detect.
  • Endpoint Security: Cybereason protects endpoints from attacks by maintaining security policies, managing device controls, and implementing personal firewalls. They also enforce whole-disk encryption across all device types.
  • Behavioral Protection: Cybereason blocks ransomware in most business document formats. This includes those that use malicious macros or other stealthy attack methods.

Cybereason works with cyber defenders to stop cyberattacks at all levels, from the endpoint to the enterprise to anywhere – even modern ransomware. Find out more about ransomware protection, or request a demo to see how your company can benefit from an operation-centric approach to security.