If you’re responsible for the care and feeding of a business’ or organization’s IT infrastructure, you understand the risks ransomware poses. But sometimes it’s challenging to convince your organization of the threat when staying ahead of danger requires change or investment.
That’s why we’re kicking off a regular ransomware digest—not because you need the information, but maybe five quick, up-to-date, shareable takeaways will convince the staffer on your team that does.
1. Attacks Are Increasing in Frequency and Size
As year-end reports came out, we saw a staggering increase in both the frequency of ransomware incidents and the extortion amounts demanded. Ransomware attacks increased 485% year over year in 2020. And the first quarter of 2021 saw the largest ransom ever demanded hit $50 million when the REvil/Sodinokibi crime syndicate attacked PC manufacturer Acer in March, followed by another $50 million demand against Apple supplier Quanta in April. In recent weeks, an attack on Colonial Pipeline Co. shut down the nation’s largest fuel pipeline, and hackers leaked thousands of sensitive documents after targeting the D.C. Metropolitan Police Department.
Attacks are only getting more frequent and bigger in part because ransomware as a service (RaaS) makes it easy for amateur criminals to get in the game. They can shop for RaaS variants designed by more sophisticated syndicates on the dark web and execute them for an affiliate fee.
2. Willingness to Pay Incentivizes More Attacks
Government agencies around the world advise against cooperating with cybercriminals. In fact, it can be illegal. Nonetheless, many organizations still comply with demands, often without reporting incidents for fear of the impact on their reputations or the risk of data exposure. Coveware, a ransomware recovery firm, reported that average ransom payments have increased more than 3,000% since Q3 2018, from $5,973 to $220,298.
Unfortunately, paying ransoms only serves to normalize payments, embolden criminals, and incentivize higher ransoms. If you need any more convincing, paying the ransom does not ensure your data will be restored or deleted by hackers, as Coveware warned in late 2020. Per their reports, they’d seen the following behavior from major cybercrime syndicates:
- Sodinokibi: Re-extorting victims weeks after being paid.
- Maze/Sekhmet/Egregor/related groups: Posting data before making a ransom demand.
- Netwalker: Posting data from companies that already paid.
- Mespinoza: Posting data from companies that already paid.
- Conti: Showing fake files as evidence of deletion.
3. Schools and Hospital Systems Make Prime Targets
2020 taught us that relying on the goodwill of hackers to forgo attacks on organizations that serve the public good is far too generous. Schools and hospital systems are not just fair game, they’re prime targets. In 2020, 1,681 schools were affected by ransomware as well as 560 healthcare facilities according to a report by Emsisoft, a cybersecurity firm. Both schools and hospitals manage high volumes of personally identifiable information like social security numbers and patient data, and they may not have the resources to afford dedicated cybersecurity staff. In Q1 of 2021, reports of hospitals and schools hit by ransomware continued to make headlines, like the March attack on Broward County Public Schools where hackers demanded an astronomical $40 million.
4. Attackers Are Targeting Backup Data
Backups are supposed to be a failsafe, but any system that’s online and connected to a network is ripe for ransomware encryption. One security expert, Gregory Tellone, CEO of Continuity Centers, explained, “When we say ‘hacker,’ it’s not some kid in his basement. They’re stealthy, professional crime organizations. They attack slowly and methodically. They can monitor your network for months, until they have the keys to the kingdom—including backups—then they pull the trigger. That’s the battle we’re up against.” Fortunately, there are ways to protect your backups using immutability so you can successfully restore them in the event of an attack.
5. Repeat Attacks Are on the Rise
Unsurprisingly, hackers don’t always keep their promises when companies pay ransoms. In fact, paying ransoms lets cybercriminals know you’re an easy mark. In 2021, we’ve seen reports of repeat attacks, either because companies already demonstrated willingness to pay or because the vulnerability that allowed hackers access to systems remained susceptible to exploitation. Some companies ended up paying a second time.
The Good News
Of course, the good news is that all of this means it’s never been easier to justify investment in proactive protection. In fact, this could be seen as a team’s highest ROI investment when a delayed recovery could disrupt operations, cost sales, and damage reputation, too.