Data from Check Point Software Technologies shows that an alarming 1 out of every 44 health care organizations worldwide were hit by ransomware attacks in 2021, up 39% from 2020. According to the IT Professionals Survey, one out of three global healthcare organizations reported being affected by ransomware in 2020. Companies around the world have also seen a rise in ransomware attacks over the past year. Even giants like Colonial Pipeline and JBS Meatpacking have been victims.
Ransomware incidents have brought down key services and businesses across the globe. Schools, banks, government offices, and even police departments are among a wide list of victims. During the pandemic, there were numerous reports of ransomware attacks disrupting online classes, with school districts having to divert essential resources to tackling these assaults.
A Brief History of Ransomware
Ransomware was first officially recognized in 2005 with the GP Coder attack. There had been a similar demand for money in 1989, but the later attack was the first to display the current hallmarks of lockdown, ransom and unlock. In the intervening seventeen years, the attacks have not just continued, but evolved in terms of scope, damage, and value. They’ve even moved on to mobile networks.
These complex attacks are also mutating. They are not just holding data hostage any more. The first significant shift happened last year, with what we know as the ‘double-extortion’ attack. Here the ransomware not only encrypts data on-site, but also leaks the data to a collaborator. This actor could then extort the victim by threatening to release the data, unless they paid. According to one estimate, this format has increased 20% over the past quarter. Some 70% of ransomware attacks now include a threat to leak the targeted data. Exfiltration threats are quickly becoming part of the new ransomware landscape.
The Rising Impact of Ransomware Attacks
According to a report by Fighting Destructive Malware, an average single ransomware attack costs major multinational companies $239 million and destroys 12,316 computer workstations. Cybersecurity Ventures projects that by 2031, ransomware will be causing more than $265 billion (USD) in annual total losses to the victims, as the ransomware criminals develop their malicious payloads and blackmail tactics. The company suggests that as the number of potential targets grows, we could see an attack every few seconds somewhere in the world. Which is a terrifying statistic.
According to its annual Internet Crime Report, the FBI received almost 2,500 reports of ransomware in 2020. That’s 20% more than in 2019. The knock on effect of increased insurance premiums, lost time, damage limitation and device replacement suggest that the problem really is going to remain acute.
For example, in a recent attack against Kaseya, a remote monitoring and management services provider, the attackers planted a ransomware virus on systems belonging to over 1,000 organizations.
The number of crippling ransomware attacks has rocketed up in the United States, including the above mentioned Kaseya attack. Ransomware attacks increased 158% in North America alone (62% globally) from 2019 to 2020, according to a 2021 report from cybersecurity firm SonicWalls. Supply chain attacks rose by 42 percent during Q1-2021 in the U.S., affecting up to seven million people.
The Crippling Financial Burden of Ransomware Attacks
A report by ThycoticCentrify found that 64 percent of the 300 U.S. based IT decision makers surveyed suffered a ransomware attack in the previous 12 months. Some 83 percent paid the ransom to restore their data. Reported ransoms were as low as $50,000, although one ransomware attack CNA Financial Corp saw a massive ransom of some $40 million paid to the perpetrators. This attack affected 15,000 machines on the company’s network and was effected using the Phoenix Locker malware. Another attack was that on JBA, which eventually paid a ransom of $11 million in Bitcoin after having to shut down its food processing plants.
This was one of an estimated five thousand attacks orchestrated by the Russian malware group REvil. This ultra-organized group offered Ransomware as a Service (RaaS) to all takers across the globe using an affiliate scheme and shared revenues. The latest reports suggest that this extremely prolific operation was busted in a multinational sting operation in January of this year, resulting in the arrest of two ringleaders and the recovery of half a million Euros in ransom payments.
Conclusion | A Ray of Hope Against Ransomware
Despite successes such as the arrests of the REvil group, ransomware continues to impact businesses large and small. The fact is, where there’s money, there will always be a criminal element which seeks to exhort profit illegally. This is especially the case where remote attacks are so easy to set up, and the rise of cryptocurrencies such as Bitcoin make it easy to collect extorted funds and move them across borders.
The simple reality is that ransomware is unfortunately here to stay – at least for the near future. Until the technology improves to track, catch and prosecute, the best advice for companies is to always maintain current data backups at all times. And store the backups off-site or remotely on the cloud.
Keep software updated, maintain state-of-the-art anti-malware software and processes such as 2-factor authentication (2FA), and run regular pen-testing programs. Finally, and perhaps most importantly, promote regular and updated cybersecurity training for all members of staff.
The fact is that most ransomware attacks begin with a simple socially engineered approach, such as phishing or tailgating. By ensuring that all staff members are made aware of the security risks, attacks can be made much more difficult.
The war against ransomware may still be in full flood, but there’s no reason it shouldn’t be turned round with enough desire and a few sensible precautions taken at all levels in an organisation. Security is everybody’s affair, not just the tech department.