Technology Simplified Episode 1 - Ransomware
Apr 12, 2022 ·
10m 40s
Welcome and thank you for listening to our first episode of Technology Simplified – Tech Talk Everyone Can Understand. In this episode Will Slappey & Scott Curtis discussed current trends...
show more
Welcome and thank you for listening to our first episode of Technology Simplified – Tech Talk Everyone Can Understand. In this episode Will Slappey & Scott Curtis discussed current trends in ransomware, how it could affect your business, & some ways to protect yourself and recover in the event of a ransomware attack.
Check out the IT Voice website here:
https://www.itvoice.com/
Follow us on social media:
https://www.facebook.com/itvoicesolutions
https://www.linkedin.com/company/itvoice
https://www.youtube.com/channel/UCjqIcrCfbpSkr6UOTlPBngw
Ransomware trends in 2021 and 2022
•A few key ransomware trends emerged over the course of 2021 and will likely continue into 2022. Attackers realized that certain techniques yield better results and focused on those approaches. Here were some of the primary trends for ransomware in 2021:
•Supply chain attacks. Instead of attacking a single victim, supply chain attacks extended the blast radius. A prime example of a 2021 ransomware attack is the Solar Winds attack, which affected at least 18,000 of customers using their Orion software.
•Double extortion. In the past, ransomware was about attackers encrypting information found on a system and then demanding a ransom in exchange for a decryption key. With double extortion, attackers also exfiltrate the data to a separate location. There, it can be used for other purposes, including leaking the information to a public website if a payment is not received.
•Ransomware as a service (RaaS). Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities. RaaS is a pay-for-use malware. It enables attackers to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.
•Attacking unpatched systems. This was not a new trend for 2021, but it is one that continues to be an issue year after year. While there are ransomware attacks that do make use of novel zero-day vulnerabilities, most continue to abuse known vulnerabilities on unpatched systems.
•Phishing. While ransomware attacks can infect organizations in different ways, in 2021, some form of phishing email was more often than not a root cause.
Ransomware statistics for 2021 and 2022
The statistics listed below provide insight into the breadth and growing scale of ransomware threats:
•Ransomware is part of 10% of all breaches. It doubled in frequency in 2021, according to the 2021 "Verizon Data Breach Investigations Report."
•Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study."
•The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
•The Cybersecurity and Infrastructure Security Agency reported in February 2022 that it is aware of ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.
•Since 2020, there have been more than 130 different ransomware strains detected, according to VirusTotal's "Ransomware in a Global Context" report:
oThe GandCrab ransomware family was the most prevalent at 78.5% of all samples it received, according to VirusTotal.
oNinety-five percent of all the ransomware samples are Windows-based executable files -- or dynamic link libraries -- according to VirusTotal.
Ransomware statistics by industry
Ransomware can hit any individual or industry, and all verticals are at risk. That said, ransomware attacks have affected some verticals more than others in 2021 and will continue to be an issue for years to come. Here are the top 10 ransomware targets by industry, according to cybersecurity firm Sophos:
1.education
2.retail
3.business, professional and legal services
4.central government
5.IT
6.manufacturing
7.energy and utilities infrastructure
8.healthcare
9.local government
10.financial services
Costs of ransomware attacks and payment trends
The costs attributed to ransomware incidents vary significantly depending on the reporting source. Different points of view from both the private and public sector provide some visibility into the cost and payment trends for ransomware attacks:
•Ninety percent of ransomware incidents did not result in any loss, according to the 2021 Verizon report. While not every ransomware victim pays a ransom or incurs a cost, some do:
oIn 95% of the cases where there were ransomware-related costs, the median loss was $11,150, according to Verizon. However, losses ranged from a low of $70 to a high of $1.2 million.
•Twelve percent of victims paid out on ransomware attacks in the third quarter of 2021, according to the Corvus Risk Insights Index. The 2021 figure is a decrease from the 44% of victims that paid ransomware demands in the third quarter of 2020.
•In first six months of 2021, there was $590 million in ransomware-related activity, according to the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN). For all of 2020, FinCEN only reported $416 million in ransomware-related costs.
Recent ransomware attacks
There have been many ransomware attacks in recent years that affected organizations and their customers. But, in 2021, supply chain attacks affected more than just the individual organizations that were breached. Here are some notable ransomware attacks that happened in 2021 and early 2022:
•Acer. In March 2021, global IT hardware vendor Acer was the victim of a ransomware attack executed by the REvil ransomware group.
•CNA Financial. In March 2021, cyber insurance carrier CNA Financial disclosed that it was the victim of a cyber attack. The attack was allegedly executed by a group known as Phoenix.
•Colonial Pipeline. In May 2021, Colonial Pipeline was the victim of a ransomware attack that affected the flow of oil across the eastern U.S.
•JBS USA. In June 2021, meat processing vendor JBS USA was hit by a ransomware attack that reduced the company's ability to package meat products. The company is reported to have paid $11 million in ransom to criminals that were using the REvil ransomware.
•Kaseya. In July 2021, remote management software vendor Kaseya was the victim of a supply chain ransomware attack. The attack was allegedly perpetrated by criminals using the REvil ransomware platform.
•Sinclair Broadcast Group. In October 2021, Sinclair Broadcast Group was the victim of a ransomware attack that crippled the network's broadcast operations.
•Public services. Schools, health services and local U.S. municipal governments were hit by ransomware attacks in early 2022, including Pembroke Pines, Fla., on Jan. 13, 2022; Linn County, Ore., on Jan. 24, 2022; and New Bedford, Mass., on Jan. 27, 2022.
How to protect against ransomware attacks
Organizations and individuals can take steps to mitigate ransomware attacks. But there is no silver bullet that will solve or defend against ransomware. What's needed is a multilayered approach to improve IT security overall. There are six key steps to safeguard assets against ransomware risks:
11.Maintain a defense-in-depth security program. Ransomware is just one of many risks that IT users face. Having multiple layers of defense is a key best practice.
12.Consider advanced protection technologies. The use of extended detection and response can help organizations identify potential risks that could lead to ransomware exploitation.
13.Educate employees about the risks of social engineering. More often than not, it's users clicking on something that they shouldn't that can lead to infection. Education and vigilance are important.
14.Patch regularly. Ransomware code often targets known vulnerabilities. By keeping software and firmware updated, a possible attack vector can be eliminated.
15.Perform frequent backups of critical data. Ransomware's target is data. By having reliable backups, the risk of losing data can be minimized.
16.Consider tabletop exercises. Preparing for ransomware with a tabletop exercise can identify potential gaps and ensure the right process is in place to mitigate and recover from a potential attack.
https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts
show less
Check out the IT Voice website here:
https://www.itvoice.com/
Follow us on social media:
https://www.facebook.com/itvoicesolutions
https://www.linkedin.com/company/itvoice
https://www.youtube.com/channel/UCjqIcrCfbpSkr6UOTlPBngw
Ransomware trends in 2021 and 2022
•A few key ransomware trends emerged over the course of 2021 and will likely continue into 2022. Attackers realized that certain techniques yield better results and focused on those approaches. Here were some of the primary trends for ransomware in 2021:
•Supply chain attacks. Instead of attacking a single victim, supply chain attacks extended the blast radius. A prime example of a 2021 ransomware attack is the Solar Winds attack, which affected at least 18,000 of customers using their Orion software.
•Double extortion. In the past, ransomware was about attackers encrypting information found on a system and then demanding a ransom in exchange for a decryption key. With double extortion, attackers also exfiltrate the data to a separate location. There, it can be used for other purposes, including leaking the information to a public website if a payment is not received.
•Ransomware as a service (RaaS). Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities. RaaS is a pay-for-use malware. It enables attackers to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.
•Attacking unpatched systems. This was not a new trend for 2021, but it is one that continues to be an issue year after year. While there are ransomware attacks that do make use of novel zero-day vulnerabilities, most continue to abuse known vulnerabilities on unpatched systems.
•Phishing. While ransomware attacks can infect organizations in different ways, in 2021, some form of phishing email was more often than not a root cause.
Ransomware statistics for 2021 and 2022
The statistics listed below provide insight into the breadth and growing scale of ransomware threats:
•Ransomware is part of 10% of all breaches. It doubled in frequency in 2021, according to the 2021 "Verizon Data Breach Investigations Report."
•Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study."
•The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
•The Cybersecurity and Infrastructure Security Agency reported in February 2022 that it is aware of ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.
•Since 2020, there have been more than 130 different ransomware strains detected, according to VirusTotal's "Ransomware in a Global Context" report:
oThe GandCrab ransomware family was the most prevalent at 78.5% of all samples it received, according to VirusTotal.
oNinety-five percent of all the ransomware samples are Windows-based executable files -- or dynamic link libraries -- according to VirusTotal.
Ransomware statistics by industry
Ransomware can hit any individual or industry, and all verticals are at risk. That said, ransomware attacks have affected some verticals more than others in 2021 and will continue to be an issue for years to come. Here are the top 10 ransomware targets by industry, according to cybersecurity firm Sophos:
1.education
2.retail
3.business, professional and legal services
4.central government
5.IT
6.manufacturing
7.energy and utilities infrastructure
8.healthcare
9.local government
10.financial services
Costs of ransomware attacks and payment trends
The costs attributed to ransomware incidents vary significantly depending on the reporting source. Different points of view from both the private and public sector provide some visibility into the cost and payment trends for ransomware attacks:
•Ninety percent of ransomware incidents did not result in any loss, according to the 2021 Verizon report. While not every ransomware victim pays a ransom or incurs a cost, some do:
oIn 95% of the cases where there were ransomware-related costs, the median loss was $11,150, according to Verizon. However, losses ranged from a low of $70 to a high of $1.2 million.
•Twelve percent of victims paid out on ransomware attacks in the third quarter of 2021, according to the Corvus Risk Insights Index. The 2021 figure is a decrease from the 44% of victims that paid ransomware demands in the third quarter of 2020.
•In first six months of 2021, there was $590 million in ransomware-related activity, according to the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN). For all of 2020, FinCEN only reported $416 million in ransomware-related costs.
Recent ransomware attacks
There have been many ransomware attacks in recent years that affected organizations and their customers. But, in 2021, supply chain attacks affected more than just the individual organizations that were breached. Here are some notable ransomware attacks that happened in 2021 and early 2022:
•Acer. In March 2021, global IT hardware vendor Acer was the victim of a ransomware attack executed by the REvil ransomware group.
•CNA Financial. In March 2021, cyber insurance carrier CNA Financial disclosed that it was the victim of a cyber attack. The attack was allegedly executed by a group known as Phoenix.
•Colonial Pipeline. In May 2021, Colonial Pipeline was the victim of a ransomware attack that affected the flow of oil across the eastern U.S.
•JBS USA. In June 2021, meat processing vendor JBS USA was hit by a ransomware attack that reduced the company's ability to package meat products. The company is reported to have paid $11 million in ransom to criminals that were using the REvil ransomware.
•Kaseya. In July 2021, remote management software vendor Kaseya was the victim of a supply chain ransomware attack. The attack was allegedly perpetrated by criminals using the REvil ransomware platform.
•Sinclair Broadcast Group. In October 2021, Sinclair Broadcast Group was the victim of a ransomware attack that crippled the network's broadcast operations.
•Public services. Schools, health services and local U.S. municipal governments were hit by ransomware attacks in early 2022, including Pembroke Pines, Fla., on Jan. 13, 2022; Linn County, Ore., on Jan. 24, 2022; and New Bedford, Mass., on Jan. 27, 2022.
How to protect against ransomware attacks
Organizations and individuals can take steps to mitigate ransomware attacks. But there is no silver bullet that will solve or defend against ransomware. What's needed is a multilayered approach to improve IT security overall. There are six key steps to safeguard assets against ransomware risks:
11.Maintain a defense-in-depth security program. Ransomware is just one of many risks that IT users face. Having multiple layers of defense is a key best practice.
12.Consider advanced protection technologies. The use of extended detection and response can help organizations identify potential risks that could lead to ransomware exploitation.
13.Educate employees about the risks of social engineering. More often than not, it's users clicking on something that they shouldn't that can lead to infection. Education and vigilance are important.
14.Patch regularly. Ransomware code often targets known vulnerabilities. By keeping software and firmware updated, a possible attack vector can be eliminated.
15.Perform frequent backups of critical data. Ransomware's target is data. By having reliable backups, the risk of losing data can be minimized.
16.Consider tabletop exercises. Preparing for ransomware with a tabletop exercise can identify potential gaps and ensure the right process is in place to mitigate and recover from a potential attack.
https://www.techtarget.com/searchsecurity/feature/Ransomware-trends-statistics-and-facts
Information
| Author | Scott Curtis |
| Website | - |
| Tags |
Copyright 2024 - Spreaker Inc. an iHeartMedia Company
