Study reports a 500% increase in ransomware attacks against businesses

The Malwarebytes’ Q1 2019 Cybercrime Tactics and Techniques report discusses how cybercriminals have shifted their focus onto businesses with a 235% increase in business threat detections, whilst consumer threat detections decreased by 24% in the past year.

The report, based on data collected from millions of businesses and consumer users globally between January 1 and March 31, 2019, revealed an overall increase in business detection threats from the previous year by 235%.

The report identified a significant rise in business ransomware detections by 195% from Q4 2018 to Q1 2019, and in comparison to last year the rise of business ransomware has increased over 500%. This can be explained due to the massive attack by Troldesh ransomware against US organisations in early Q1.

Emotet have shifted away from consumers and continue to target enterprises, with the detection of Trojans (Emotet’s parent category) on business endpoints increasing more than 200% since Q4 2018. Emotet is the most invasive and costly to remove, and still continues to be the most common threat.

The US leads in global threat detections at 47%, which if followed by Indonesia with 9% and Brazil at 8%.

The report noted how adware detections for businesses increases whilst consumer adware detections remain steady.

“Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40 percent, but that would be short-sighted,” said Adam Kujawa, director of Malwarebytes Labs. “Consumer data is more easily available in bulk from business targets, who saw a staggering 235% increase in detections year-over-year. Cybercriminals are using increasingly clever means of attack to get even more value from targets through the use of sophisticated Trojans, adware and ransomware.”

Businesses have become more of an attractive target to cyber criminals due to the vast amount of data they compile about their customers, as well as “weak credentials, broad user access, and gaps in infrastructure allow threat actors to practically stroll into many organizations and take with them their customers’ database.”

“To that end, consumers are taking notice, and increasingly growing wary of trusting businesses with their PII (Personally Identifiable Information).”

Businesses need to work on establishing better security measures and privacy policies for storing and transmitting data safely for the sake of both the business and their consumers.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/