The year 2020 has been one of the toughest years for several reasons. While you can expect the word “pandemic” or “Covid-19” to pop up in most people’s minds when they think of 2020, ransomware attacks have been and continue to be a nightmare for many others in both private and public organizations.
As per Bitdefender’s 2020 Consumer Threat Landscape Report, the number of reported ransomware attacks witnessed a mind-boggling year-over-year (YoY) increase of 485% in 2020 compared to 2019. US data security company Zscaler’s chief information security officer has said that Covid-19 has been a catalyst driving up ransomware attacks. “Our researchers witnessed a fivefold increase in such attacks starting in March 2020, when the World Health Organization declared the pandemic,” the executive stated.
Seven months into 2021, more reports of high-profile ransomware attacks continue to pour in:
In April, the Colonial Pipeline attack disrupted gas supply on the United States East Coast and resulted in a ransom payout of $4.4 million (though most of the money was recovered).
Brenntag, a chemical distribution company, also paid a $4.4 million ransom in May.
The electronic hardware company Acer was the victim of a $50 million ransomware attack in May.
JBS Foods, a leading meat processing company, paid out $11 million in ransom, also in May.
A few other big names successfully targeted by infamous hacker groups such as DarkSide, REvil and others include Quanta, NBA, AXA, CNA, CD Projekt and Kia Motors. What is more disturbing is that only the high-profile attacks make the news while the thousands of ransomware attacks hitting smaller businesses go unreported. According to security company SafeAtLast, one ransomware attack on businesses will take place every 11 seconds in 2021.
Before exploring the reasons behind the increase in ransomware attacks since the start of the pandemic, let us first understand what constitutes a ransomware attack. Here is the definition according to the Canadian Centre for Cyber Security:
“Ransomware is a type of malware (malicious software) that makes data inaccessible. When ransomware infects a device, it will either lock the screen or encrypt all of the files. Ransomware can also use a network to spread to other connected devices. It will be obvious if your device is infected with ransomware because it will announce itself with a page explaining that your files are inaccessible and that you need to pay a ransom to retrieve them. Sometimes this ransom note is made to look like it came from a law enforcement agency, and it will say that your files were locked because your computer was used for some form of illegal activity.”
The cause of the rise in ransomware attacks can be narrowed down to two key factors or a combination of the two:
Remote Networks: The popularity of remote work triggered by the pandemic has resulted in many people accessing work-related data and business systems via relatively unsecured private networks and personal devices.
Cryptocurrency: With the growth of cryptocurrency, which is inherently hard to trace, it has become easier for cybercriminals to demand ransom and get away with it.
The concept of Ransomware as a Service (RaaS) first surfaced in the middle of the last decade. Recently, however, RaaS seems to have increased in popularity. This is because the RaaS model makes it easy for even technically illiterate criminals to launch ransomware attacks, make money from them and get away with it fairly quickly.
RaaS works more like a structured organization, with a programmer, the service provider and the attacker working in tandem to pull off an attack, with profits shared amongst the collaborators.
Unfortunately, there is no single magic bullet for ransomware security threats. The best way forward in the current situation is to remain constantly vigilant while also taking all possible preventive measures to minimize the risks.
Being vigilant means maintaining and strictly following a robust security policy. A cybersecurity budget should also be prioritized so that an organization can implement the latest and best security measures it can afford.
In conjunction with the former points, the other method to thwart the rise in ransomware attacks is to stay a step ahead of the cybercriminals by enlisting the services of professional hackers or ethical hackers. Ethical hackers can work with your organization to expose any potential vulnerabilities or weaknesses in your IT systems or applications and help you patch them.
Packetlabs is a Toronto-based ethical hacking company that provides professional penetration testing services to uncover vulnerabilities industry standards overlook. For more information on how our services can make your organization more secure, write to us at info@packetlabs.net or request a free quote.