Report: What’s Old in Enterprise Ransomware Attacks is Still Relevant

Ransomware attacks cost enterprise organizations across the country $8 billion in 2018, and a report released Tuesday digs into why these specific types of cyberattacks are so successful.

The report, released by Silicon Valley-based vulnerability management firm RiskSense, identified and analyzed the 57 most common vulnerabilities and exposures (CVEs) over the past two years and tied that data to how they were used to exploit organizations.

Using a mix of proprietary information, publicly available databases and RiskSense threat researchers and penetration testers, RiskSense found 63% of CVEs were tied to high-value enterprise assets, such as standard servers, application servers and collaboration tools. Atlanta suffered such an attack in March 2018, with an eventual cost to the city estimated at $17 million.

“Targeting these and other critical assets allows attackers to maximize business disruption and demand higher ransomware payments,” the report said.

The study also indicated that more than half of the 57 CVEs actually had a low vulnerability risk score in the common vulnerability scoring system widely used to assess risk in software.

“As a result, organizations that use CVSS scores as their exclusive means to prioritize vulnerabilities for patching will very likely miss important vulnerabilities that are used by ransomware,” the report states.

Other notable findings in the study suggest attacks very much like to reuse once-successful exploits. Fifteen of the vulnerabilities were used by “multiple families of enterprise ransomware,” according to the study, and 17 trending vulnerabilities affected more than one tech vendor. In addition, RiskSense found that “vulnerabilities from as far back as 2010 continue to be trending with ransomware in the wild.” In total, 32% of the analyzed vulnerabilities were from 2015 or earlier, and 16 of those vulnerabilities continued trending in 2018 and 2019.

“While consumer ransomware targets Windows and Adobe vulnerabilities, enterprise ransomware targets high-value assets like servers, application infrastructure, and collaboration tools since they contain an organization’s critical business data,” Srinivas Mukkamala, CEO of RiskSense, said in a statement. “While not totally unexpected, the fact that older vulnerabilities and those with lower severity scores are being exploited by ransomware illustrates how easy it is for organizations to miss important vulnerabilities if they lack real-world threat context.”

Editor's note: This article was updated to correct the location of RiskSense's headquarters.