Why ransomware attacks are on the rise

Like us, you've likely noticed that ransomware is in the news more and more lately. Major attacks have been hitting Fortune 500 companies, hospitals, factories, government agencies, colleges and universities, and more, and they show no signs of slowing down.

We're here to break down why ransomware attacks are on the rise — and what can be done about it.

What is ransomware?

Ransomware is a type of malware that prevents users from accessing their systems and files and requires them to pay a ransom to regain access. Most types of ransomware encrypt hard drive files so they can’t be accessed, although “locker ransomware” may erase files or block access to a system using other methods.

After encrypting systems, ransomware attackers demand a payment — usually in the form of Bitcoin or other cryptocurrencies — in exchange for a decryption key that will unlock the affected material. They may also threaten to sell or leak confidential data or delete system backups as an added incentive to make victims pay the ransom.

Ransomware can infect a system when users:

open malicious attachments in spam emails, often as a result of phishing
visit compromised websites
are redirected to cybercriminal servers by online ads, a.k.a. drive-by downloads
are tricked into opening attachments or clicking on links via social engineering

Ransomware is of growing concern and has the potential to cause tremendous damage to small businesses and Fortune 1000 companies alike. Below, we’ll outline how and why the threat of ransomware is rising — and what your organization can do to mitigate its effects.

How are ransomware attacks rising?

Although early versions of ransomware has been around since the late 1980s, the problem has only recently become a major threat. According to the Verizon Business 2022 Data Breach Investigations Report, ransomware breaches have increased more this year than the last five years combined. Similarly, Check Point Research discovered a 24% global increase in ransomware attacks this year, with one in 53 organizations affected in 2022 versus one in 66 in 2021.

Ransomware attacks are not only becoming more prevalent; they’re also becoming more costly. According to the same Check Point Research report, 11% of organizations paid ransoms of $1 million or more, and the average ransom paid out by companies increased nearly five-fold to $812,360.

As a result, we've seen more high-profile ransomware cases like the 2021 attack on the US-based software company Kaseya, where attackers compromised between 800 and 1,500 companies and requested a $70 million payment as ransom. Around the same time, the Colonial Pipeline ransomware attack caused panic buying at gas stations and necessitated a $5 million payment in Bitcoin. Meanwhile, the world’s largest meat supplier paid an $11 million ransom in Bitcoin after another attack that same month.

The impact of ransomware is being felt well beyond private corporations. In June 2022, Costa Rica’s national public health agency was attacked by ransomware. And ransomware attacks on health organizations can be particularly devastating; according to a recent report by SC Media, it costs around $1.85 million on average to recover ransomware-infected systems in the healthcare sector.

Unfortunately, the problem shows no sign of abating. A report from Cybersecurity Ventures predicts that, by 2031, ransomware will cost the economy around $265 billion each year, with a new attack happening every two seconds.

Why is ransomware on the rise?

Several different factors have contributed to the recent explosion of ransomware. From the effects of the COVID-19 pandemic and the growth of cryptocurrency to companies’ own evolving responses to ransomware, the changing digital landscape has created a perfect storm for ransomware.

Remote work

First, the increase in remote work has been a major boon for cybercriminals. Employees accessing the internet at home are much more vulnerable to attack, since they typically lose the protection of company firewalls and secure internet routers outside of their office networks.

Additionally, the increasing amount of confidential data stored in multi-cloud environments leaves companies more vulnerable to exposure. As a December 2021 Forbes article put it, “Remote work has left exposed access credentials littered across the enterprise.”

Although some companies require their remote employees to use virtual private networks (VPNs) and virtual desktop infrastructure (VDI), these measures are less effective with cloud-based resources. Furthermore, using a remote desktop protocol (RDP) can allow attackers to gain control of devices that belong to IT admins and other privileged teams.

The ransomware economy has been quick to adapt. The criminal landscape now includes “initial access brokers” who seek out vulnerable and exposed VPN and RDP access credentials and then sell them to the highest bidder to perpetrate more attacks.

Growth of cryptocurrency

Another major factor in the rise of ransomware is the growing popularity of cryptocurrency. From Ethereum and Dogecoin to USD Coin and Binance Coin, cryptocurrencies are typically regarded as harder to trace than other forms of payment.

While crypto transactions are not always untraceable in reality, the perception of anonymity has emboldened attackers to demand high payments. Ransomware criminals often require that their victims pay them in Bitcoin, with some even including step-by-step instructions to help users create Bitcoin wallets.

Cryptocurrency also offers great ease and speed in transferring millions of dollars across national borders, facilitating money laundering and making it harder to catch cybercriminals in the act.

More companies are paying ransoms

Just like a schoolyard bully taking someone’s lunch money, cybercriminals are emboldened by past successes. The more companies that pay their ransoms, the more likely they are to continue with ransomware attacks — and the more likely other criminals are to follow suit.

Unfortunately, the number of organizations paying ransoms is growing. A recent report from the Institute for Security and Technology found that the number of victims paying the ransom increased more than 300% from 2019 to 2020 alone. Although this figure is discouraging, it also makes sense: many organizations feel they have no choice but to pay when faced with the loss of irreplaceable systems and files.

Luckily, there are many effective ways to protect against ransomware. With the right preparation and security measures, organizations can avoid paying ransoms and even maintain business continuity in the event of an attack.

How to mitigate the impact of ransomware

First, organizations must conduct a cybersecurity risk analysis and develop an incident response plan that includes ransomware events. Make sure that this plan allows your company to quickly isolate and remove the ransomware threat and restore normal operations.

Next, consider investing in insurance policies that cover cyberattacks. Cyber insurance has become an increasingly common and sophisticated product, and it can provide critical risk mitigation for ransomware, malware, and other online attacks.

Below, we’ll cover a few more steps your organization can take to protect itself against the growing threat of ransomware.

Beware of phishing

Even with the growing sophistication of malware, most ransomware attacks are effective for one main reason: human error. As Deloitte notes, the number one delivery vehicle for ransomware is clicking a link or downloading an attachment in a phishing email.

Today, many phishing emails are successful because they effectively impersonate a trusted coworker or a contact who the user actually knows. Increasingly sophisticated social engineering on the part of attackers makes it easier for even tech-savvy users to be tricked into clicking compromised links.

To protect against phishing, organizations may employ anti-spam solutions and include warning banners when emails are coming from someone outside of the organization. It’s also important to warn employees that cybercriminals are able to create very authentic-looking phishing emails — sometimes even customized with information that those same employees posted publicly on their social media accounts.

All in all, an abundance of caution will help organizations avoid falling prey to phishing attacks.

Prepare for an attack

The Center for Internet Security and the Cybersecurity and Infrastructure Security Agency recommend a number of additional steps that organizations can take to prepare for a ransomware event:

Create multiple iterations of backups, store them offline, and routinely test them for data integrity.
Keep all systems and devices patched and updated, including cloud locations.
Employ antivirus, ad-blocker, and anti-spam solutions to prevent phishing emails and dangerous links from reaching the network.
Implement employee training and regularly remind workers of the dangers of clicking on unknown links and opening attachments in unsolicited emails.
Apply the principles of least privilege and network segmentation.

Use ShardSecure to mitigate the impact of ransomware

The ShardSecure platform helps organizations mitigate the impact of ransomware and protect sensitive data from double extortion attacks. With multiple data integrity checks, our technology outomatically reconstructs and relocates data compromised by ransomware. With virtual clusters that deploy on-prem or in the cloud, the platform also offers high availability during attacks and other disruptions.

Interested in learning more about how ShardSecure can help your organization mitigate the impact of ransomware and maintain business continuity? Visit our resources page today.