Wondering why the threat of ransomware is increasing for organizations?
What is ransomware?
Ransomware is a type of malware that prevents users from accessing their systems and files and requires them to pay a ransom to regain access. Most types of ransomware encrypt hard drive files so they can’t be accessed, though “locker ransomware” may erase files or block access to a system using other methods.
After encrypting systems, ransomware attackers demand a payment — usually in the form of Bitcoin or other cryptocurrencies — in exchange for a decryption key that will unlock the affected material. They may also threaten to sell or leak confidential data or delete system backups as an added incentive to make victims pay the ransom.
Ransomware infections can happen when users:
- open malicious attachments in spam emails, often as a result of spear phishing
- visit compromised websites
- are redirected to cybercriminal servers by online ads, a.k.a. drive-by downloads
- are tricked into opening attachments or clicking on links via other forms of social engineering
Ransomware is of growing concern and has the potential to cause tremendous damage to small businesses and Fortune 1000 companies alike. Below, we’ll outline why the threat of ransomware is rising — and what your organization can do to mitigate its effects.
Recent rise in ransomware
Although an earlier version of ransomware has been around since the late 1980s, it’s only recently become a major threat. According to the Verizon Business 2022 Data Breach Investigations Report, ransomware breaches have increased more this year than in the last five years combined.
Similarly, Check Point Research discovered a 24% global increase in ransomware attacks this year, with one in 53 organizations affected in 2022 (versus one in 66 last year).
Ransomware attacks are not only becoming more prevalent; they’re also becoming more costly. According to the same Check Point Research report, 11% of organizations paid ransoms of $1 million or more, and the average ransom paid out by companies increased nearly five-fold to $812,360.
This has recently led to high-profile ransomware cases like the 2021 attack on the US-based software company Kaseya, where attackers compromised between 800 and 1,500 companies and requested a $70 million payment as ransom.
Around the same time, the Colonial Pipeline ransomware attack caused panic buying at gas stations and necessitated a $5 million payment in Bitcoin. Meanwhile, the world’s largest meat supplier paid an $11 million ransom in Bitcoin after its own ransomware attack that same month.
The impact of ransomware is being felt well beyond private corporations. In June 2022, Costa Rica’s national public health agency was attacked by ransomware. And ransomware attacks on health organizations can be particularly devastating; according to a recent report by SC Media, it costs around $1.85 million on average to recover ransomware-infected systems in the healthcare sector.
Unfortunately, the problem shows no sign of abating. A report from Cybersecurity Ventures predicts that, by 2031, ransomware will cost the economy around $265 billion each year, with a new attack happening every two seconds.
Why is ransomware on the rise?
Several different factors have contributed to the recent explosion of ransomware. From the effects of the COVID-19 pandemic and the growth of cryptocurrency to companies’ own evolving responses to ransomware, the changing digital landscape has created a perfect storm for ransomware.
Remote work
First, the increase in remote work has been a major boon for cybercriminals. Employees accessing the internet at home are much more vulnerable to attack, since they typically lose the protection of company firewalls and secure internet routers outside of their office networks.
Additionally, the increasing amount of confidential data stored in multi-cloud environments leaves companies more vulnerable to exposure. As a December 2021 Forbes article put it, “Remote work has left exposed access credentials littered across the enterprise.”
Although some companies require their remote employees to use virtual private networks (VPNs) and virtual desktop infrastructure (VDI), these measures are less effective with cloud-based resources. Furthermore, using Remote Desktop Protocol (RDP) can allow attackers to gain control of devices that belong to IT admins and other privileged teams.
The ransomware economy has been quick to adapt. The criminal landscape now includes “initial access brokers” who seek out vulnerable and exposed VPN and RDP access credentials and then sell them to the highest bidder to perpetrate ransomware attacks.
Growth of cryptocurrency
Another major factor in the rise of ransomware is the growing popularity of cryptocurrency. From Ethereum and Dogecoin to USD Coin and Binance Coin, cryptocurrencies are typically regarded by cybercriminals as harder to trace than other forms of payment. That’s because, although cryptocurrency transactions take place in public ledgers, they are anonymized by nature.
While these transactions are not always untraceable, the perception of anonymity has emboldened attackers to demand high payments. Ransomware criminals often require that their victims pay them in Bitcoin, with some even including step-by-step instructions to help users create Bitcoin wallets.
Cryptocurrency also offers great ease and speed in transferring millions of dollars across national borders, facilitating money laundering and making it harder to catch cybercriminals in the act.
More companies are paying ransoms
Just like a schoolyard bully taking someone’s lunch money, cybercriminals are emboldened by success. The more companies pay their ransoms, the more likely attackers are to continue with ransomware attacks — and the more likely other criminals are to follow suit.
Unfortunately, the number of organizations paying ransoms is growing. A recent report from the Institute for Security and Technology found that the number of victims paying the ransom increased more than 300% from 2019 to 2020 alone. Although this figure is discouraging, it also makes sense: many organizations feel they have no choice but to pay when faced with the loss of irreplaceable files and systems.
Luckily, there are effective ways to protect against ransomware. With the right preparation and security measures, organizations can avoid paying ransoms and even maintain business continuity in the event of an attack.
How to mitigate the impact of ransomware
First, organizations must conduct a cybersecurity risk analysis and develop an incident response plan that includes ransomware events. Make sure that this plan allows your company to quickly isolate and remove the ransomware threat and restore normal operations.
Next, consider investing in insurance policies that cover cyberattacks. Cyber insurance has become an increasingly common and sophisticated product, and it can provide critical risk mitigation for ransomware, malware, and other online attacks.
Below, we’ll cover a few more steps your organization can take to protect itself against the growing threat of ransomware.
Beware of phishing
Even with the growing sophistication of malware, most ransomware attacks are effective for one main reason: human error. As Deloitte notes, the number one delivery vehicle for ransomware is clicking a link or downloading an attachment in a phishing email.
Today, many phishing emails are successful because they effectively impersonate a trusted co-worker or contact whom the user actually knows. And increasingly sophisticated social engineering on the part of attackers makes it easier for even tech-savvy users to be tricked into clicking compromised links.
To protect against phishing, organizations may employ anti-spam solutions and include warning banners when emails are coming from someone outside of the organization. It’s also important to warn employees that cybercriminals are now able to create very authentic-looking phishing emails — sometimes even customized with information that those same employees posted publicly on their social media accounts.
All in all, an abundance of caution will help organizations avoid falling prey to phishing attacks.
Prepare for an attack
The Center for Internet Security and the Cybersecurity and Infrastructure Security Agency recommend a number of additional steps that organizations can take to prepare for a ransomware event:
- Create multiple iterations of backups, store them offline, and routinely test them for data integrity.
- Keep all systems and devices patched and updated, including cloud locations.
- Employ antivirus, ad-blocker, and anti-spam solutions to prevent phishing emails and dangerous links from reaching the network.
- Implement employee training and regularly remind workers of the dangers of clicking on unknown links and opening attachments in unsolicited emails.
- Apply the principles of least privilege and network segmentation.
Use ShardSecure to mitigate the impact of ransomware
Our innovative, patented Microshard technology desensitizes sensitive data for use in multi-cloud and hybrid-cloud environments.
It also helps protect against the effects of ransomware in the cloud by reconstructing compromised data and ensuring that the integrity of critical information remains protected. We achieve this through our three-step microsharding process:
- Shred: Microshard technology begins by shredding data into four-byte microshards that are too small to contain a complete birthdate, Social Security number, or any other piece of sensitive data.
- Mix: Next, poison data is added and the microshards are mixed into multiple logical Microshard containers. Identifying information like file extensions, file names, and other metadata is also removed.
- Distribute: After being mixed, the Microshard containers are distributed across multiple customer-owned storage repositories. These storage repositories can comprise multi-cloud or hybrid-cloud configurations.
With Microshard technology, data security is built in from the start. Multiple data integrity checks detect unauthorized modifications — including cloud storage ransomware — and roll back affected data to its earlier state. This helps to ensure that critical data at rest stays secure and available.
Additionally, our self-healing data and its RAID-5-like ability to reconstruct affected data mean that Microshard data containers can be rebuilt whenever they’re tampered with, deleted, or held hostage by ransomware.
When unauthorized activity like ransomware is detected, we immediately generate a security alert and restore the Microshard data to its last known good state in real time. These repairs can begin automatically and in a way that is transparent to users so that organizations can restore their compromised data and avoid an outage without manual intervention.
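A toy model of the shred, integrity-check and rebuild idea described above, added here as an illustration; it is not ShardSecure's code or algorithm. It assumes three data containers plus one XOR parity container and SHA-256 digests as the integrity check, omits the poison data and metadata removal of the Mix step, and uses hypothetical function names and a constructed sample record.

```python
import hashlib
from functools import reduce

SHARD = 4  # four-byte microshards, the size the page describes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def shred(data, n):
    """Stripe 4-byte shards round-robin over n containers and add one XOR parity container."""
    padded = data + b"\0" * (-len(data) % (SHARD * n))
    shards = [padded[i:i + SHARD] for i in range(0, len(padded), SHARD)]
    containers = [b"".join(shards[k::n]) for k in range(n)]
    containers.append(reduce(xor, containers))  # parity (assumed scheme)
    digests = [hashlib.sha256(c).hexdigest() for c in containers]
    return containers, digests, len(data)

def find_damaged(containers, digests):
    """Indexes of containers that are missing or no longer match their recorded digest."""
    return [i for i, c in enumerate(containers)
            if c is None or hashlib.sha256(c).hexdigest() != digests[i]]

def heal(containers, digests):
    """Rebuild a single damaged container from the others; return the repaired indexes."""
    bad = find_damaged(containers, digests)
    if len(bad) > 1:
        raise ValueError("single parity can rebuild only one container")
    for i in bad:
        rebuilt = reduce(xor, [c for j, c in enumerate(containers) if j != i])
        if hashlib.sha256(rebuilt).hexdigest() != digests[i]:
            raise ValueError("rebuilt container failed its integrity check")
        containers[i] = rebuilt
    return bad

def reassemble(containers, length):
    """Interleave the data containers (all but the parity) back into the original bytes."""
    out = bytearray()
    for off in range(0, len(containers[0]), SHARD):
        for c in containers[:-1]:
            out += c[off:off + SHARD]
    return bytes(out[:length])

def demo():
    record = b"name=Jane Doe;dob=1990-01-31;ssn=000-00-0000"  # constructed sample
    containers, digests, length = shred(record, 3)
    containers[1] = bytes(b ^ 0xA5 for b in containers[1])  # simulate in-place encryption
    return heal(containers, digests), reassemble(containers, length) == record

if __name__ == "__main__":
    print(demo())
```

The rebuild is only as trustworthy as the digests, so in this model they must be stored where an attacker who can write to the containers cannot also rewrite them.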
Interested in learning more about how ShardSecure can help your organization mitigate the impact of ransomware and maintain business continuity? Contact us today to schedule a demo and learn more about Microshard technology.
Sources
- Ransomware: Facts, Threats, and Countermeasures | Center for Internet Security
- Ransomware FAQs | Cybersecurity and Infrastructure Security Agency
- How to Protect Against Ransomware | Malwarebytes
- 2022 Data Breach Investigations Report | Verizon
- A Third of Companies Hit With Ransomware Didn’t Have To Pay | CyberTalk.org
- Why Ransomware Attacks Are on the Rise — and What Can Be Done To Stop Them | PBS NewsHour
- There’s a Huge Surge in Hackers Holding Data for Ransom, and Experts Want Everyone To Take These Steps | Fortune.com
- Ransomware Attack Recovery Costs Top $1.85M in Healthcare | SC Magazine
- Global Ransomware Damage Costs Predicted To Exceed $265 Billion By 2031 | Cybercrime Magazine
- Phishing and Ransomware — How Can You Prevent These Evolving Threats? | Deloitte Luxembourg
- At the Crossroads of Identity: The Relationship Between Remote Work and Ransomware | Forbes
- How Bitcoin Has Fueled Ransomware Attacks | NPR