Ransomware Attacks by the Numbers – and How to Defend Against Them
Since it first appeared more than 20 years ago, ransomware has been a constantly evolving form of malware. With multi-million dollar ransom demands in attacks against businesses like Colonial Pipeline, JBS Foods, and other key infrastructure providers, ransomware, which first emerged in the late 1980s, has reached an unprecedented level.
By taking advantage of security flaws, ransomware operators hold the data of corporations, governments, and healthcare organisations hostage and demand ever-rising ransom payments. As ransomware operations, or RansomOps, become more sophisticated, the distinction between state-sponsored and cybercriminal activity becomes ever more hazy. Defending against RansomOps attacks has never been more difficult, and the stakes for organisations are high. These sophisticated, slow-moving attacks aim to infiltrate as much of the targeted network as possible before detonating the ransomware payload.
RANSOMWARE BY THE NUMBERS
A ransomware attack affected 73% of firms in 2022, up from just 55% in the 2021 research, according to our recent report, Ransomware: The True Cost to Business Study 2022. The survey also discovered that 80 percent of businesses that complied with a ransom demand later saw another attack from ransomware, with 68 percent reporting that the second incident occurred less than a month later and that threat actors sought a greater ransom sum.
According to the report, over one-third of firms (31%) were forced to temporarily or permanently halt operations as a result of a ransomware assault. Additionally, nearly 40% of businesses had to lay off personnel as a result of the attack, and 35% of businesses experienced C-level resignations.
According to the Harvard Business Review, in 2020, ransoms paid to attackers climbed by 300 percent as a result of the unexpected rise in remote working and lax home security measures, which gave ransomware operators more methods to spread their virus.
Numerous big attacks on businesses and organisations occurred in 2021 both domestically and internationally.
HEALTHCARE UNDER SIEGE FROM RANSOMWARE
When the COVID-19 crisis broke out in 2020, numerous hackers attacked the healthcare industry by profiting from the upheaval and unrest. According to one analysis, ransomware attacks cost the healthcare sector over $20 billion in lost income, legal fees, and ransom payments in just 2020. 92 ransomware attacks hit over 600 clinics, hospitals, and other healthcare institutions. 15.5 billion cybersecurity incidents are reported by Johnson & Johnson every day, according to Marlene Allison, director of information security.
The Colonial Pipeline breach in late April 2021 received the most media attention of all the hacks and ransomware attacks that year. Colonial ultimately caved in and paid the organisation $4.4 million in bitcoin. Fortunately, by tracking the movement of cryptocurrency and digital wallets, the FBI was able to locate and collect a significant portion of the ransom payment.
In order to access Acer files and release photos of spreadsheets and private financial information, REvil exploited a vulnerability in Microsoft Exchange.
Although the end of the epidemic was announced in the spring of 2021, the escalating trend of cyberattacks since 2020 has shown no indications of slowing down. One of the largest meat processors in the world, JBS Foods, was the target of a high-profile ransomware attack in May that is thought to have been carried out by the same Russian gang that targeted Acer, REvil (CNN).
The attack, which allegedly originated from the hacking collective Evil Corp, made use of a brand-new malware programme named Phoenix CryptoLocker.
REvil, the same hacker collective that targeted Acer, Quanta, and JBS Foods, made news once more in July when they targeted Kaseya. Kaseya controls the IT infrastructure of the biggest corporations in the world, although it is not well known to consumers. Similar to the attacks on Colonial Pipeline and JBS Foods, this hack had the potential to seriously damage important economic sectors. About 50 of Kaseya’s clients and close to 1,000 businesses reportedly suffered. The hacker collective demanded $70 million worth of bitcoins.
DEFENDING AGAINST RANSOMWARE ATTACKS
The only option for organisations to move forward is to stop an infection before it starts. To accomplish this, they must invest in an anti-ransomware solution that doesn’t rely on indicators of compromise (IOCs). Security teams need a multi-layered platform that makes use of indicators of behaviour (IOBs) so they can identify and stop a ransomware attack chain whether or not anyone has ever seen it before. IOBs identify and stop a ransomware attack at its earliest phases of initial entry, long before the ransomware payload is actually delivered and before sensitive data is exfiltrated for double extortion.
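The contrast between IOC matching and behaviour-based detection, as an added example that is not taken from the report or from any vendor product. The two behaviours correlated here (shadow-copy deletion followed by a burst of file renames on the same host), the thresholds, and all telemetry values are assumptions constructed for illustration.

```python
from collections import defaultdict

KNOWN_BAD_HASHES = {"hash-known-sample"}  # constructed placeholder for an IOC feed
WINDOW = 120            # seconds in which the behaviours must co-occur (assumed)
RENAME_THRESHOLD = 200  # renames inside the window treated as mass rename (assumed)

# Constructed telemetry: (time_s, host, file_hash, action, detail)
EVENTS = [
    (0,  "ws-01",  "hash-never-seen", "proc_start",
     "vssadmin.exe delete shadows /all /quiet"),
    (20, "ws-01",  "hash-never-seen", "file_rename", 150),
    (45, "ws-01",  "hash-never-seen", "file_rename", 180),
    (10, "srv-02", "hash-admin-tool", "proc_start",
     "vssadmin.exe delete shadows /for=D:"),
    (30, "ws-03",  "hash-known-sample", "proc_start", "invoice.exe"),
]

def ioc_hits(events):
    """IOC approach: flag a host only if a file hash is already on the list."""
    return {host for _, host, h, _, _ in events if h in KNOWN_BAD_HASHES}

def iob_hits(events):
    """IOB approach: flag a host when backup tampering is followed by a
    mass file rename inside WINDOW, regardless of the file hash."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[1]].append(ev)
    flagged = set()
    for host, evs in by_host.items():
        for t0, _, _, action, detail in evs:
            if action != "proc_start" or "delete shadows" not in detail.lower():
                continue
            # Sum renames that occur after the tampering and within the window.
            renames = sum(d for t, _, _, a, d in evs
                          if a == "file_rename" and t0 <= t <= t0 + WINDOW)
            if renames >= RENAME_THRESHOLD:
                flagged.add(host)
    return flagged

if __name__ == "__main__":
    print("IOC match:", sorted(ioc_hits(EVENTS)))   # only the known hash
    print("IOB match:", sorted(iob_hits(EVENTS)))   # the never-seen binary
```

The hash list misses `ws-01` because the binary has never been seen, while the behaviour rule catches it; `srv-02` shows the same shadow-copy command without a rename burst and is not flagged.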
Keep a backup copy of all important information, along with a recovery strategy.
However, you shouldn’t rely solely on data backups to safeguard your business. The threat actor will then make a second demand for payment from the victims in order to stop the attackers from posting their data online.
NEXTGEN ANTIVIRUS AND FIREWALLS
Install NGAV anti-malware software and a firewall to provide the highest level of security. Maintain the most recent version of your antivirus programme, and scan any apps you obtain from the Internet before launching them.
LEAST PRIVILEGE POLICY
Limit users’ abilities (permissions) to install and run undesirable software programmes and restrict access to sensitive information as necessary. Limiting these privileges can stop malware from running or stop it from spreading widely across the network.
REPORT SUSPICIOUS ACTIVITY TO YOUR SECURITY TEAM
Be alert for any unusual activity and notify your local security and support personnel right away. Early warnings can enable teams to respond swiftly, slow the spread of malware, and keep harm to a minimum.
By following these easy instructions, you may secure your system and files while preventing thieves from counting this as another successful attack.
LOCK DOWN CRITICAL ACCOUNTS FOR WEEKEND AND HOLIDAY PERIODS
Refer to our previous 2021 report, Organizations at Risk: Ransomware Attackers Don’t Take Holidays, for more details on weekend and holiday ransomware threats.
In order to genuinely have a proactive anti-ransomware strategy in place, your multi-layered solution should allow you to evaluate ALL data in real-time (not just endpoint data), defend you against double extortion, and prevent never-before-seen executables.