A new report released today by IBM Corp.’s X-Force Incident Response and Intelligence Services team says destructive malware attacks have shot up threefold over the last six months as cybercriminals and nation-state actors escalate their attacks.

Ransomware bundled with so-called wiper elements — that is, the ability to delete data to increase the pressure on victims to pay a ransom — led the pack in increased numbers since January with ransomware attacks overall up 116%. “While not all ransomware attacks incorporate destructive malware,” the report noted, “the simultaneous increase in overall ransomware attacks and ransomware with destructive elements underscores the enhanced threat to corporations from ransomware capable of permanently wiping data.”

One of the most prominent forms of ransomware with wiper functionality this year has been MegaCortex, described in May as rapidly spreading across corporate networks. As Ars Technica noted, MegaCortex and a similar form of ransomware called LockerGoga still have a financial component as with traditional ransomware but also go after industrial systems as well as data.

The report said half of attacks targeted manufacturing, with an increase as well in attacks targeting oil and gas and education.

The most common method being used by cybercriminals remains phishing emails, followed by password guessing, third-party connections and watering hole attacks, which target a particular organization with malware installed on a websites regularly used by members in an attempt to infect computers inside the organization.

Noting that the data used is related to X-Force customers, the report found that destructive attacks are costing multinational companies $239 million on average, way more than $3.92 million average cost of a data breach. “A single destructive attack destroys 12,000 machines per company on average — creating quite a tab for new devices in order to get companies’ workforce back in action,” the report noted.

The report concluded that companies can do more to reduce risks from attacks, including testing response plans, tapping into threat intelligence, effective defense in depth, the use of multifactor authentication and — probably the most obvious one of all — “have backups, test backups and offline backups.”

Image: Christiaan Colen/Flickr