Criminals will increasingly calibrate their ransom demands to an organisation’s financial performance, data assets and other measurables 

C-suite executives will increasingly be targeted by cyber criminals looking for ways of extorting money from large corporations, according to a report from CyberCube. Overall, the nature of ransomware attacks is changing with greater focus on organisations rather than private individuals. 

Yvette Essen, CyberCube’s head of content, said: “The Coronavirus outbreak is creating the ideal conditions for ransomware attacks to flourish. With widespread working from home, increased internet traffic, increasing use of technology for what were face-to-face transactions, corporations must increase their vigilance.”

According to figures from cyber security specialist Symantec, the volume of cyber attacks focusing on consumers has fallen from 69% in 2016 to 19% in 2018. In hand with this, payment demands are increasing, rising to millions of dollars in some instances.

Oliver Brew, CyberCube’s head of client services and one of the report’s authors, said: “The business model for cyber crime is evolving rapidly. Threat actor groups are conducting campaigns and adjusting their models to extract greater value from a smaller number of attacks. Recently, we’ve seen some very sophisticated and aggressive organised criminal groups conduct carefully targeted ransomware attacks, which mark a move away from the traditional high volume, low-value approach.”

CyberCube warns that organised criminals and hackers are moving away from “high volume, low-value” methods of attack to, instead, carefully selecting senior managers who have access to organisations’ bank accounts and are in a position to authorise payments.

Criminals are predicted to use artificial intelligence (AI) to construct algorithms that will ‘hunt’ for individual targets while deciding which of their “buttons to press” in order to obtain the maximum degree of compliance.

Criminals will more closely calibrate their ransom demands to an organisation’s financial performance, data assets and other measurables in the future. This includes appetite and ability to pay ransoms.