Between August 2020 and July 2021, there has been a 64% increase in ransomware attacks. Cybersecurity researchers analysed 121 ransomware incidents in this window period and determined a 64% year on year increase.
Trends and findings
Were these augmented attacks carried by newer gangs of cyber criminals?
They weren’t. All of the analysed ransomware attacks were carried out by just a select few high-profile ransomware groups. Of those, the gang by the name of ‘Revil’ accounted for 19% of the attacks while perpetrators of a new ransomware strain called DarkSide, were behind 8% of the attacks.
There were also commonalities between the attack victims as well. A majority of the ransomware victims belonged to municipalities, health care, and education.
The business world also observed a rise in ransomware attacks. The industry sectors in this case were infrastructure, travel, finance, and other markets. All of these contributed around 57% to all ransomware attacks between August 2020 and July 2021, which was an 18% rise.
Moreover, according to the report, ransomware attacks are also intruding upon software supply chains, which has a bigger payday for the hackers.
Ransomware attack patterns
The tactics behind ransomware attacks are also evolving. The ultimate ransomware objective is being met in stages, phishing and credential thefts laying down the groundwork to make it possible.
More and more web applications are also being injected with malware requests in hope of farming login credentials which can then be used to gain illegal access.
Once the hacker is in, he can then inject whatever form of ransomware he wants, effectively hijacking your entire system. However, it is not just that one ‘patient zero’ machine which gets infected; ransomware deployments are now aiming to spread through all machines connected to that first infected machine.
“On multiple occasions in the past year, attackers exploited an application vulnerability to gain control of the application infrastructure and eventually target the most valuable data to encrypt,” – a snippet from the report.
A shift in ransomware demand trends
Hackers are becoming arrogant and greedy. As per the report, the average ransom being demanded after system lockout is roundabout $10 million and more. In 18% of the ransomware attacks, the ransom demanded was less than $10 million while on 30% cases, the demand has crossed $30 million.
However, a new trend has also come to light: that of negotiation. In several ransomware cases, victims were able to bring down the ransom that they paid using negotiation tactics with the hackers, which just goes to show that with the right tools and techniques, organizations are learning to pull themselves out of deep cyber murk.
Murali Urs, Country Manager of the security research company which undertook the report (Barracuda Networks India), said, “Ransomware criminals have refined their tactics to create a double extortion scheme. The initial steps towards safeguarding an organisation from any possible ransomware attack involve assuming vulnerability and setting a goal of not paying the ransom.”
“Once that has been taken care of, it is necessary to implement anti-phishing capabilities in email and other collaboration tools, and consistently train your users for email security awareness. Companies should also secure their SaaS (software as a service) applications and infrastructure access points by implementing Zero Trust Access. Finally, it is crucial to stay put with a secure data protection solution that can identify your critical data assets and implement disaster and recovery capabilities. That way organisations can confidently put their foot down against the ransomware criminals,” added Urs.
More IT and security resources and updates.