A Crisis Level Threat 

Ransomware has made itself known as one of the most dangerous and prevalent cyberthreats for the new decade. As society becomes more and more dependent on technology, hackers seek to disrupt daily operations by attacking fundamental operations. The statistics from the past year are startling. According to a yearly report published by Emsisoft Malware Lab, 2019 saw at least 996 ransomware attacks in the United States. The organizations impacted by these attacks included government institutions, healthcare providers, and educational establishments including colleges, universities, and even entire school districts. The estimated cost of this cyber onslaught is over $7.5 billion; the average being about $8.1 million per incident. 

However, the cost of these attacks was not only monetary. In the case of healthcare facilities like hospitals and care centers, operations were halted, forcing them to turn away emergency patients and reschedule surgeries. For local governments, critical systems like 911 and emergency response services were interrupted. The disruptions caused by ransomware attacks made it impossible to access important documents like health records and made day to day operations extremely difficult to carry on business as usual. Ransomware attacks not only endangered data, but people’s lives as well. With the rise of the COVID-19 pandemic, this particular risk is even more evident as already overwhelmed hospitals are increasingly vulnerable targets for ransomware strains like Ryuk. 

Ransomware on the Rise 

After the WannaCry ransomware attacks in May 2017, hackers have realized that ransomware pays big. Since then, a multitude of different ransomware strains have popped up and infected entities across the world. In late 2019 and 2020 alone, a few frontrunners have made themselves known and feared. Maze and Ryuk ransomwares have both made the news several times after hitting high profile companies and local governments, and then threatening to leak victim data. Other ransomware strains have piqued cybersecurity experts’ interests by only targeting certain regions of the world. As with most technology, ransomware is growing more sophisticated in its tactics. Some experts are thinking that artificial intelligence and machine learning will come into play, and cybercriminals will take advantage of these resources to make their malware all the more dangerous. Both sides are in an arms race in order to keep up with each other’s technological advancements. Hackers are using social engineering tactics as well, exploiting people using well disguised phishing attacks that are sometimes hard for even the best email-sceptic detectives to spot. All of these things mean more trouble in the way of victims attempts to recover data without paying a ransom for a decryption key. 

Targeted Attacks on Businesses, Healthcare, Government, and more… 

Ransomware operators aren't looking to hook small fish anymore; they are targeting bigger entities in hopes of scoring a larger payload. According to an article by ITPro Today, enterprise ransomware attacks increased by over 300% from 2018 to 2019, and we are likely to see that same trend in 2020. Businesses of all sizes are at risk, but small businesses are especially in danger because they may not have the advanced infrastructure to protect against such an attack. Hackers know this and make careful note of what potential targets may be low-hanging fruit with high reward.  When it comes to healthcare, especially in the current state of the world, ransomware operators are targeting vulnerable facilities like overwhelmed hospitals who are likely to pay a ransom in order to save lives which might be lost if immediate measures aren’t taken to regain control over critical systems. A lot of thought and research is going into these ransomware attacks, making them even more devastating. Inflicting maximum damage also comes with an increased ransom cost. 

Ransoms can cost anywhere from a few thousand to a few million dollars depending on how much the victim’s data is worth to attackers, but the costs to recover that data and lost sales often appear to outweigh the ransom price. Ransomware operators take advantage of the fear and panic and make ransoms appear as if they are the best way out of the situation. Many businesses will choose to pay the ransom, if the price is right, to avoid the hassle of recovery. If ransomware is ever to be stopped, ransom payments must stop also. Ransomware only runs rampant when there is profit to be made. 

In late December 2019, the US Coast Guard was hit by Ryuk Ransomware, and critical information technology systems were shut down for over 30 hours. The suspected point of entry for the attack was thought to be a phishing email. EWA (Electronic Warfare Associates) was attacked by Ryuk in January as well.  Evidence of the attack and encryption of web servers could be seen on company websites, which appeared as mostly gibberish, since the information had been encrypted. In February 2020, a Ransomware attack shut down a natural gas compression facility for two days, prompting the US Department of Homeland Security CISA (The Cybersecurity and Infrastructure Security Agency) to post an official alert. LaSalle County, Illinois was hit by a ransomware attack in late February that shut down 200 computers and 40 servers across several departments of government. These are only a fraction of the ransomware attacks that have occurred in the past few months. Planning for cyber-emergencies is just as important as planning for physical ones, and it’s more important than ever as ransomware operators try scary new tactics to get paid. 

Ransomware Attacks are Becoming Data Breaches 

As if being hit by an infrastructure crippling ransomware attack wasn’t enough, a new trend is raising the stakes for victims by blackmailing them into paying the ransom price or having their data leaked or sold. A strain of ransomware known as Maze ransomware started threatening to release victim data in late 2019, shortly thereafter creating a site completely dedicated to publishing leaked data. Maze is not afraid of high-profile targets either; they hit Southwire, one of America’s largest private companies (according to Forbes), and published over 14GB stolen files. This piqued the attention of the F.B.I., prompting them so send out an alert about Maze specifically targeting U.S. Companies. 

Other ransomware strains, such as Sodinokibi (REvil), Nemty, BitPyLock, DopplePaymer, and  Nefilm have adopted this same strategy in attempts to dissuade victims from seeking other methods of data recovery. Before encrypting files and demanding a ransom, operators are stealing sensitive information. Most ransomware is executed around three days after a system is infected. As the malware remains dormant and undetected, operators use this downtime to steal administrator credentials and confidential data. Whether or not this data is released, it still means that private information is in the hands of bad actors. Due to the popularity of this new trend, ransomware attacks are leaning more towards being classified as data breaches. 

How InfusionPoints Can Help Secure Your Environment 

Ransomware attacks are somewhat preventable. InfusionPoints can help by infusing cybersecurity capabilities into every point of your business solution's life cycle. We identify, validate, and report weaknesses in your organization's security posture, which helps employees be prepared to avoid common methods of entry for ransomware, like phishing emails. With our VNSOC360° Continuous Monitoring services, InfusionPoints reduces the detection and response time to an adversary's attempt to compromise your infrastructure. VNSOC360° Managed Detection and Response reduces dwell time by providing timely detection which reduces the length of time the adversary is in your IT ecosystem and limits the impact of a breach. VNSOC360° takes control of the chaos and mitigates your risks. 

Stay Updated on the Latest Developments 

Keep your infrastructure secure by staying aware of major ransomware attacks with InfusionPoints’ monthly newsletter! Each month, we curate an informative newsletter summarizing significant ransomware attacks from all over the world. Stay up to date on all the new tactics used by ransomware operators and stay ahead of the game. Sign up today!