Last year, ransomware attacks continued to gain traction in media headlines. Over the course of the first six months of 2021, the number of ransomware incidents increased by 62%. At the same time, we saw the average ransom payment rise by 120% (from $312K in 2020 to $570K in 2021). The cost of ransomware attacks on businesses worldwide increased to approximately $20B last year.
This increase has been driven not least by the increasing digitalisation of businesses, global shifts towards remote work practices due to the pandemic and insufficient budgeting for IT security teams. Furthermore, when targeted by a ransomware attack, many organisations find it far simpler to pay the ransom than to combat the threat directly. Given the rates of ‘successful’ penetrations and a rapidly increasing target base, companies and organisations should assume it is a matter of ‘when’, not ‘if’, they will be targeted.
In this article, we look at the top three trends contributing to this growing attack vector and offer recommendations for governments and businesses to combat this expensive threat.
Supply chains
Cybercriminals are continuously looking for vulnerabilities in software products to infect individual and corporate users with ransomware and demand ransom from them. Exploiting supply chains can give access to hundreds or even thousands of victims.
Last year saw Audi, Volkswagen and Mercedes-Benz subject to major data leaks. All three leading automotive companies worked with vendors that left their sensitive information unencrypted and available online. This unsecured data was then accessed by unauthorized parties and used to extract ransom payments.
More sophisticated criminals are now targeting physical infrastructure. These attacks primarily target companies that have large budgets and nationwide significance. One example is the attack on Colonial Pipeline, which led to the US suffering severe shortages of oil supplies for about a week. Given the broad impact on an economy these attacks can have in one go, there is also the potential for involvement by foreign governments, and such attacks offer criminals a better return on their investment.
Cloud SaaS
Modern strains of ransomware target cloud SaaS data in addition to on-premise systems. Criminals are now targeting OAuth to gain access to corporate workspaces. OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites without giving them the passwords. Attackers are encrypting files and their previous versions, preventing companies from using their corporate data.
Extortion
One of the latest trends in the ransomware world is double and triple extortion. Double extortion means that cybercriminals first steal the business's data and only then encrypt its file system. In triple extortion, they additionally use DDoS attacks. As a result, criminals profit not only from the ransom they demand but also from the exploitation of the stolen information. There are several ways the data can be used. First, the criminals can demand ransom for the data from the individuals (e.g. customers or employees of the attacked company). Second, they can sell the information on the dark web to other criminals.
The impact of double or triple extortion is devastating to a company, its employees, partners, and clients.
Not slowing down in 2022
The ransomware attacks on Colonial Pipeline, Volkswagen and other major organisations all made headlines last year and show no sign of slowing down. Across the world, hackers are exploiting security weaknesses and holding the data of companies, governments, and healthcare organisations hostage, sometimes demanding tens of millions of dollars in payment. It is imperative that organisations start taking action to mitigate these attacks or risk endangering the business and brand they work for.
Critically, not all organisations have the right tools or resources to handle cyber threats such as ransomware. Many non-profit organisations and emerging economy governments are still trying to figure out how their digital transformation strategies may be ill-equipped to handle these emerging and evolving risks. Addressing cyber threats needs to continue to be a combined effort, with those who have the capacity and ability to do so sharing information, resources, and support with those most vulnerable.
Predictions
- Supply Chain: Businesses need tools that will not only protect them from ransomware but also enable control of access to their critical IT systems. With governments and regulators taking a greater interest in this area we will see regulators and policymakers developing more rules around access controls.
- Vulnerability/Patch Management: This year we will see governments mandate action to minimise vulnerabilities across the public and private sectors. Unpatched systems and software are one of the leading root causes of ransomware infections and breaches. Organisations must ensure they identify and remediate vulnerabilities across their infrastructure.
- Incident Response: There will be greater awareness and understanding of different incident response methodologies and more discussion among policymakers and the wider stakeholder community about the options available to organisations that suffered ransomware attacks.
- Cybersecurity Audits: For larger public and private organisations, governments will make audits of security precautions mandatory rather than optional.
- C-Suite Issue: Ransomware will become an issue that demands C-Suite attention. Company leaders will make sure they are aware of the risks and appropriate steps are taken to minimise the potential losses for the business.
- Cyber Insurance: The insurance market has not kept up with the different types of cyber threats. This year there will be the creation of a greater range of products aimed at specific cybersecurity threats, increasing choice, and also offering insurance companies the ability to calibrate the risk they are taking on.