The year 2021 saw record increases in ransomware demands and payments. The number of ransomware gangs is growing alongside dark web “leak sites,” which pressure victims into paying a ransom.
Some of the most alarming statistics in the Palo Alto Networks Unit 42 ransomware threat report are as follows:
- 144% rise in average ransomware demand in 2021 to $2.2m
- 78% rise in the average recorded payment, to $541,010
- 85% rise in 2021 in the number of victims whose data was exposed on leak sites
According to the vice-president of threat intelligence at Unit 42, Ryan Olson, “Cybercriminals are doubling down by finding additional ways to extort victims in conjunction with ransomware.”
The rise in ransomware is probably owing to some new techniques that cybercriminals are now deploying. As dark web leak sites became well known in 2020, cybercriminals used them to identify ransomware victims, threatening to leak corporate information. In 2021, however, ransomware gangs started popularizing multi-extortion techniques.
These techniques have changed the way ransomware attacks unfold. While the traditional data encryption and theft methods are still in use, ransomware gangs now also threaten to launch a DDoS attack on the organization’s infrastructure or network if negotiations fail. If the negotiations fail, the organization also faces the impending danger of data leaks.
The appearance of more ransomware gangs is another problem.
The evolution of malware is not the only significant concern for organizations and security professionals. The modern threat landscape is also seeing new ransomware gangs appear and some older ones re-emerge. The same report highlights:
- Conti ransomware is responsible for most criminal activity
- REvil or Sodinokibi is responsible for 7.1% of ransomware attacks
- Hello Kitty and Phobos each account for 4.8% of attacks
Similarly, the report also highlights the emergence of 35 new ransomware gangs in 2021. Some of the most significant ones are:
- Black Matter
While the emergence of these gangs is already a significant cause of concern, it does lead to the next big question.
Are ransomware attacks increasing in sophistication and number?
Considering the emergence of these significant ransomware gangs, it is evident that the attacks are likely to almost double in size. That is precisely what Check Point’s mid-year security report found in August 2021: the report highlights that attacks during the first half of the year had increased by 93%.
However, cybercrime continues to evolve, and as in every other industry, competition within the cybercriminal world is likely to increase. It is, therefore, possible that in an attempt to outdo one another, these gangs will streamline their cyber attacks.
Growing sophistication in ransomware attacks is therefore bound to happen. The UK National Cyber Security Centre highlighted in February 2022 that the ransomware attacks conducted over the past 12 months showed a new level of sophistication. The criminal gangs use much more professional tactics and target impactful victims. As mentioned above, cybercriminals now use more evolved methods of targeting victims along with the traditional ones. Some of the actions include:
- Stealing sensitive data from organizations, which they threaten to release publicly if payments are not made
- Targeting an organization’s customers, suppliers, and business arenas
- Launching DDoS attacks if payments are not made
Amidst this, ransomware is a threat that is likely to increase in the future. There does not seem to be any way that this threat will die down, which is why it is crucial for organizations to put security measures in place.
How can organizations ensure security?
Ransomware is one of the fastest-rising cybersecurity problems that every organization now has to fret over. According to a study by the World Economic Forum, 80% of cybersecurity leaders view ransomware as dangerous and evolving. Amidst this, organizations must put robust security measures in place to combat the threat.
While no security solution is perfect, an organization can build a secure cybersecurity infrastructure to help prevent the rising ransomware issue. Some of the methods that they can practice are as follows:
Enable endpoint security through antimalware
Endpoint security is the most crucial element of enabling a robust cybersecurity infrastructure. Since ransomware continues to grow exponentially, it is essential for an organization to invest in a secure antimalware program.
Most antimalware programs contain a list of known ransomware. The best antimalware software regularly updates this list, allowing users to stay secure. The antimalware software scans every file, document, piece of hardware, or piece of software that enters the network, cross-matching it against the list to check for signs of infection. It therefore significantly helps organizations remain safe from ransomware and malware attacks.
Build a secure incident response plan
Ransomware attacks are sneaky, and in case they manage to get past an organization’s security measures, it is crucial to remain prepared. Building a proactive incident response plan can significantly help an organization remain safe from the worst impact of a ransomware attack.
One key component that an organization can include within its incident response plan is data backups that it can turn to in order to keep itself afloat while negotiations with the cybercriminals continue. Moreover, it is also crucial that the organization keeps a ransomware budget to pay the ransom if things take a turn for the worse, to prevent data leaks and DDoS attacks.
Invest in data security
Data security and privacy are among the most crucial factors in mitigating almost every cyber threat. Since data is the most valuable asset that cybercriminals target, it is essential to have robust data security in place.
Organizations must store their data within an encrypted vault while ensuring data encryption. With this, in case of a ransomware attack, the cybercriminal won’t be able to leak information publicly. Moreover, in the case of hybrid working setups, employees must use VPNs to ensure secure data transfer and communication.
Since ransomware is a threat that will continue to increase and there seems to be no chance of it ceasing soon, remaining secure has become essential. Fortunately, as cybercriminals continue to make their attacks more sophisticated, cybersecurity leaders and professionals have come up with various effective methods of enabling robust security.