Cyberthreats are very real, and they are becoming more prevalent as technology progresses and the capabilities of attackers increase. One of the most dangerous threats to cyber security is ransomware. Throughout 2021 there were 623.3 million ransomware attacks across the world, an increase of over 100% compared with the figures of the year before. While the 23% drop in 2022 gives reason for hope, it by no means indicates organisations can lower their defences or become complacent.
While it’s true that improved government security and general education about cyberthreats are having a positive effect, the methods of attack are evolving.
What is Ransomware?
Just as a typical ransom holds someone’s possession, or even a loved one, until a ransom fee is paid, ransomware follows a similar principle in a cyber sense. It is a type of malware or virus that restricts a person’s access to their data until they pay the enforced ransom. While phishing is still the most common form of cyberattack, ransomware is a major threat on the world scene.
An Evolving Threat
In the past, traditional ransomware attacks involved encrypting data and charging the victim a ransom fee to get the decryption key. However, modern threats have become a lot more sophisticated and a lot more damaging. Nowadays, the attacker will threaten not to restrict data, but to release or sell the data if they don’t receive the ransom payment. They now have the upper hand completely: whichever way the negotiation goes, they still win while the organisation they hold to ransom still loses. This is what is now known as a “double-extortion” scheme. Ransom criminals can also launch denial of service attacks, as well as harass a victim through email or over the phone.
Not only have the threats grown more malicious, but the demands have also dramatically increased over the years. Between 2020 and 2021, the average payment demanded in a ransomware attack increased by a staggering 82 per cent to a record figure of $570,000. These demands have continued to increase and look set to do so over the coming years.
Clearly, it’s important that organisations take all the necessary actions they can to improve their cyber security and protect themselves from the growing threat of ransom attacks. One way of doing this is to learn lessons from the high-profile attacks that have happened over recent years. We will look at a few of these famous incidents now, focusing on those that occurred in the year 2021, and examine the lessons that can be learned from them.
March 2021 – REvil Attacks Acer
What Happened: In the early months of 2021, computer giant Acer was hit with a deadly REvil ransomware attack. The ransom demand was a staggering $50 million, the largest known ransom to date at the time. The attackers announced that they had breached the organisation and proved it with images of allegedly stolen files, including financial spreadsheets, bank balances, and communications with the bank.
Lessons to Be Learned: This attack was notable both for the enormous amount of money demanded and because, instead of encrypting files, it exfiltrated them. It brought to light that new trends in ransom attacks were on the horizon. Organisations could therefore begin preparing for this kind of attack, investing in powerful security software to strengthen their defences.
May 2021 – DarkSide Attacks Colonial Pipeline
What Happened: At the beginning of May, the Colonial Pipeline Company, the company behind the largest refined oil pipeline system in the US, revealed it had become the latest victim of the ransomware group DarkSide. In response, the company suspended the IT assets that were affected and the pipeline that carries 100 million gallons of fuel across America every day.
Lessons to Be Learned: As is to be expected from an attack on a fuel provider, panic ensued and massive queues emerged as people tussled to fill up on gas. However, the panic was worse than the attack, and that is true in most cases of ransomware. When you have strong and tested plans in place, follow the plans and try not to panic. Trust the systems you have in place and the recovery will be much faster and a lot more effective.
August 2021 – LockBit Attacks Accenture
What Happened: The IT consultancy firm Accenture identified irregular activity in the fourth quarter of 2021 which turned out to be an attack from the LockBit ransomware gang. The gang exfiltrated and published sensitive information amounting to 6 terabytes of data, which carried a $50 million ransom ticket.
Lessons to Be Learned: This attack reminded businesses to take a good look at the security standards not just of themselves, but also of their vendors, partners, and providers. These avenues of attack are often overlooked, but any weakness in your supply chain is a weakness that cyber attackers can exploit.
The Bottom Line
Evidently, ransom attacks are no simple threat. They are increasing in severity, sophistication, and expense, so it’s only logical to now begin looking at ways to improve your defences. Make any necessary changes, improvements or investments that you need to in order to protect yourself from the attack of a ransomware group. Not only is the monetary expense difficult to deal with, but often the damage to reputation is even harder to recover from. Once you experience a ransom attack and sensitive data is exposed to the public eye, people begin to lose trust and faith in your discretion and the reputation you have worked hard to build can come crumbling down in an instant.
Take all the necessary precautions you can now to protect your business in the future. Learn lessons from the ransom attacks that have hit the news in recent months and years and use these examples to strengthen your defences.