By Kelly Sheridan – Ransomware, already a major enterprise threat, is growing more problematic as operators brainstorm new ways to make their attacks easier to launch and more devastating for victims.

Mitchell Clarke and Tom Hall, both principal incident response consultants for Mandiant, have spent the past year analyzing the evolution in ransomware activity and watching as attackers grew smarter, intrusions took longer, and ransom demands spiked into the millions. New tactics demand businesses’ attention; as a result, executives have begun to grow concerned.

“We’re seeing more and more organizations at the board level, where CEOs and COOs are really asking questions of ransomware,” says Hall. “I don’t think the industry is catching up to it as widespread as it needs to be.” 

Attackers used to “just throw ransomware here and there — maybe you get lucky and get a few systems,” Clarke adds. WannaCry and NotPetya, both destructive attacks, signified what was to come. Over time, more attackers realized they could generate more profit if they took down a whole organization as opposed to a handful of systems at once.

For the financially motivated ransomware operators, this was motivation to change their game. Read On: