There has been a global surge in ransomware attacks and shows no signs of slowing down.
The FBI confirmed in a statement that a professional cybercriminal group called DarkSide was responsible for the ransomware attack on the Colonial Pipeline network.
The ransomware is known to have been deployed in numerous targeted ransomware attacks including other oil and gas companies.
Check Point Research (CPR) reported in March that ransomware attacks had seen a 57% increase in the number of attacks since the beginning of 2021. Ransomware has a devastating financial impact on businesses as it is estimated that ransomware cost businesses worldwide around $20 billion - a figure that is nearly 75% higher than in 2019.
Since April, researchers have seen an average of over 1 000 organisations being impacted by ransomware every week. These increases have resulted in a staggering 102% overall increase in the number of organisations affected by ransomware compared to the beginning of 2020.
The industry sectors that are currently experiencing the highest volumes of ransomware attack attempts globally are healthcare, the utilities’ sector and Insurance/Legal.
It gets bleaker as the average ransom payment has increased by 171% in the last year and is now approximately $310 000.
Over 1 000 companies suffered data leakage after refusing to meet ransom demands in 2020 and approximately 40% of all newly discovered ransomware families incorporated data infiltration into their attack process.
Prominent attacks that have taken place at the end of 2020 and the beginning of 2021 point at a new attack chain that integrates an additional and unique threat to the process. This is called Triple Extortion. The first notable case is the Vastaamo clinic attack, which happened in October 2020.
The Finnish psychotherapy clinic suffered a year-long breach that resulted in extensive patient data theft and a ransomware attack.
A hefty ransom was demanded from the healthcare provider and smaller sums were also demanded from the patients. Patients would receive the ransom demands individually by email. In these damning emails, the attackers threatened to publish their therapist session notes.
On a wider scale and a much recent case, in February 2021, the REvil ransomware group announced that they had added two stages to their double extortion scheme – DDoS attacks and phone calls to the victim’s business partners and the media.
The REvil ransomware group offered DDoS attacks and voice-scrambled VoIP calls to journalists and colleagues as a free service for its affiliates. The aim is to apply further pressure on the victim’s company to meet ransom demands within a specific timeframe.
While it is all doom and gloom, there are steps that can be taken to prevent ransomware attacks.
– Be alert around weekends and holidays as most ransomware attacks over the past year took place over weekends and holidays when it is believed people are less likely to be watching.
– Always make sure keep your computers and devices up to date and apply security patches, especially those labeled as critical. This can significantly help limit an organisation’s vulnerability to ransomware attacks.
– Anti-ransomware solutions monitor programs are important. Make sure to run the program on a computer for suspicious behaviours commonly exhibited by ransomware. When these behaviours are detected, the program can take action to stop encryption before further damage can be done.
– It is crucial that users know how to identify and avoid potential ransomware attacks. Many cyber-attacks start with a targeted email that does not even contain malware, but a socially engineered message that encourages the user to click on a malicious link.
IOL TECH