The Threat of Ransomware
A Crisis Level Threat
Ransomware has made itself known as one of the most dangerous and prevalent cyberthreats for the new decade. As society becomes more and more dependent on technology, hackers seek to disrupt daily life by attacking fundamental operations. The statistics from the past year are startling. According to a yearly report published by Emsisoft Malware Lab, 2022 saw at least 220 ransomware attacks in the United States. The organizations impacted by these attacks included government institutions, healthcare providers, and educational establishments including colleges, universities, and even entire school districts. According to an IBM report, the average cost of a ransomware attack rises to $5.13 million.
However, the cost of these attacks was not only monetary. In the case of healthcare facilities like hospitals and care centers, operations were halted, forcing them to turn away emergency patients and reschedule surgeries. For local governments, critical systems like 911 and emergency response services were interrupted. The disruptions caused by ransomware attacks made it impossible to access important documents like health records and extremely difficult to carry on business as usual. Ransomware attacks not only endangered data, but people’s lives as well.
Ransomware on the Rise
Since the WannaCry ransomware attacks in May 2017, hackers have realized that ransomware pays big. Since then, a multitude of different ransomware strains have popped up and infected entities across the world. In late 2019 and 2020 alone, a few frontrunners have made themselves known and feared. The Maze and Ryuk ransomware strains have both made the news several times after hitting high-profile companies and local governments, and then threatening to leak victim data. Other ransomware strains have piqued cybersecurity experts’ interest by only targeting certain regions of the world. In general, ransomware is also growing more sophisticated. Some experts think that artificial intelligence will come into play, making it even harder for experts to find other means of decryption to get encrypted files back without paying a ransom.
Ransoms can cost anywhere from a few thousand to a few million dollars, but the costs of data recovery and lost sales often appear to outweigh that price. Ransomware operators take advantage of the fear and panic and make ransoms appear as if they are the best way out of the situation. Many businesses will choose to pay the ransom, if the price is right, to avoid the hassle of recovery. If ransomware is ever to be stopped, ransom payments must stop also. Ransomware only runs rampant when there is profit to be made.
Targeted Attacks on Businesses, Healthcare, Government, and more…
Ransomware operators aren't looking to hook small fish anymore; they are targeting bigger entities in hopes of scoring a larger payout. According to an article by ITPro Today, enterprise ransomware attacks increased by over 300% from 2018 to 2019, and we are likely to see that same trend in years to come. Businesses of all sizes are at risk, but small businesses are especially in danger because they may not have the advanced infrastructure to protect against such an attack. Hackers know this and make careful note of which potential targets may be low-hanging fruit with high reward. A lot of thought and research is going into these ransomware attacks, making them even more devastating. Inflicting maximum damage also comes with an increased ransom cost.
In late December 2019, the US Coast Guard was hit by Ryuk ransomware, and critical information technology systems were shut down for over 30 hours. The suspected point of entry for the attack was a phishing email. EWA (Electronic Warfare Associates) was attacked by Ryuk in January as well. Evidence of the attack and encryption of web servers could be seen on company websites, which appeared as mostly gibberish, since the information had been encrypted. In February 2020, a ransomware attack shut down a natural gas compression facility for two days, prompting the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to post an official alert. LaSalle County, Illinois was hit by a ransomware attack in late February that shut down 200 computers and 40 servers across several departments of government. These are only a fraction of the ransomware attacks that have occurred in the past few months. Planning for cyber-emergencies is just as important as planning for physical ones, and it’s more important than ever as ransomware operators try scary new tactics to get paid.
Ransomware Attacks are Becoming Data Breaches
As if being hit by an infrastructure-crippling ransomware attack wasn’t enough, a new trend is raising the stakes for victims by blackmailing them into paying the ransom price or having their data leaked or sold. A strain of ransomware known as Maze started threatening to release victim data in late 2019, shortly thereafter creating a site completely dedicated to publishing leaked data. Maze is not afraid of high-profile targets either; they hit Southwire, one of America’s largest private companies (according to Forbes), and published over 14GB of stolen files. This piqued the attention of the F.B.I., prompting them to send out an alert about Maze specifically targeting U.S. companies.
Other ransomware strains, such as Sodinokibi (REvil), Nemty, BitPyLock, DoppelPaymer, and Nefilim, have adopted this same strategy in attempts to dissuade victims from seeking other methods of data recovery. Before encrypting files and demanding a ransom, operators are stealing sensitive information. Whether or not this data is released, it still means that private information is in the hands of bad actors. Due to the popularity of this new trend, ransomware attacks are leaning more towards being classified as data breaches.
How InfusionPoints Can Help Secure Your Environment
Ransomware attacks are somewhat preventable. InfusionPoints helps by infusing cybersecurity capabilities into every point of your business solution's life cycle. We identify, validate, and report weaknesses in your organization's security posture, which helps employees be prepared to avoid common methods of entry for ransomware, like phishing emails. With our VNSOC360° Continuous Monitoring services, InfusionPoints reduces the detection and response time to an adversary's attempt to compromise your infrastructure. VNSOC360° Managed Detection and Response reduces dwell time by providing timely detection, which reduces the length of time the adversary is in your IT ecosystem and limits the impact of a breach. VNSOC360° takes control of the chaos and mitigates your risks.