Almost overnight, businesses transitioned to a remote workforce introducing unique exposures and vulnerabilities that were quickly exploited by aggressive forms of ransomware. Studies show that in the first two weeks of March there was a five-fold increase in ransomware attacks. By mid-2020 the number of reported global ransomware incidents increased by an astonishing 715% year-over-year.
This isn’t surprising. Ransomware attacks are a phenomenally successful and profitable business for cyber criminals. The average ransom is $1.1 million, and a quarter of all ransomware victims pay their attackers, further fueling the cycle.
Below we look at some of the most significant ransomware attacks for 2020, as well as ways organizations can reduce their risk exposure to these devastating hacks in 2021.
One of the most notable ransomware attacks of 2020 involved fitness brand Garmin, whose entire digital infrastructure was disrupted by malicious actors for several days in July. The hack shut down the company’s website, corporate email, call centers, customer applications, and the company’s lesser-known aviation industry services used by aircraft for critical flight planning and mapping tasks.
The breach was so impactful employing the WastedLocker ransomware strain that Garmin is reported to have paid the $10 million ransom to reclaim control of its operations – a real-world indication that ransomware is most powerful when it disrupts customer operations.
Also in July, hackers were busy infiltrating another target – Blackbaud. A leading cloud services provider and a lucrative, data-rich target for hackers, Blackbaud’s clients include prominent universities, hospitals, and public health institutions. This deliberate supply chain attack resulted in the exfiltration of millions of sensitive student, patient, and donor data records and is thought to be one of the largest breaches in 2020 involving patient health information. Adding to the PR and security nightmare, Blackbaud failed to notify its U.S. and UK clients of the attack for several weeks and could face significant fines for violating the GDPR breach reporting law.
These attacks are just the tip of the iceberg, but they shine a spotlight on the risks organizations face as they digitally transform, increase their reliance on cloud technologies, and become more interconnected with outside networks. This has led to the massive attack surface expansion and fueled a surge in opportunistic ransomware attacks.
Bad actors are continually probing an organization’s digital footprint for a way in. When a weakness or vulnerability is found – such as a misconfigured app in a cloud service or a vulnerable and long forgotten domain address – they take advantage.
The best way to manage this growing attack surface and reduce the risk of a ransomware attack is through visibility. After all, you can’t secure what you can’t see. Even if you've invested in the latest firewalls and threat intelligence technology, a single unpatched cloud asset or insecure vendor can wreak havoc. As the saying goes, it's not the mountain you climb but the pebble in your shoe.
If you can visualize the common vulnerabilities and exploits in your ecosystem, you can put together a security program that proactively closes security gaps before they are exploited. It could be that you need to adjust your software patching cadence, invest in better cloud firewalls, close any ports that are left unnecessarily open, or do a better job of evaluating and monitoring third parties for cyber risks.
In the cybersecurity world, 2020 will be remembered for the SolarWinds Orion hack. But the escalating ransomware threat cannot be ignored. Just imagine the nightmare scenario that would have transpired if the intent of those behind the SolarWinds attack hadn’t cyber espionage, but instead to hold government agencies and large parts of the US economy for ransom. This prospect alone further reinforces the urgency that organizations need to do everything they can to mitigate risk and secure their attack surface.
A single unauthorized device being used on your network. An unsanctioned application someone’s accessing from their non-secure home PC. A small vendor with a seemingly insignificant vulnerability.
All of these are seemingly small...
Imagine you've alerted your IT team to a critical infrastructure error plaguing your network. You ask them to drop their current work and focus on immediate remediation of this detected vulnerability. After further investigation,...
Recent events have made cybersecurity a top concern among C-suite executives. The SolarWinds breach, Capital One incident, and Colonial Pipeline attack are just a few of the noteworthy events that have made CEOs and CFOs take active...