As if reflecting this trend, cyber insurance ransomware claims have also risen. Data collected by the University of Cambridge found that, in 2020, ransomware comprised 54% of insurance claims compared to just 13% between 2014 and 2019.
The answer comes down to time and money. Ransomware attacks are significantly cheaper to implement compared to other attack vectors – and the returns are higher.
For instance, the rise of ransomware-as-a-service (RaaS), whereby malicious ransomware developers sell their malware as a license, has made it easy for would-be hackers to execute attacks without much technical knowledge and with smaller teams.
The growing popularity of cryptocurrency also enables ransomware. Cybercriminals are increasingly demanding ransom payments in bitcoin – transactions that are anonymous and almost impossible to track.
The rewards speak for themselves. The Verizon DBIR found that the median ransom paid in 2020 was $11,150 but ran as high as $1.2 million. With such a great potential to earn money, so-called “ransomware gangs” have become more organized. Many of their members have different roles and specialize in specific attack methods, which helps these groups maximize their potential gains.
Financial loss is only one impact of ransomware. Obscuration, which occurs when the ransomware installation encrypts the victim’s data, can result in significant business disruption for days, weeks, or months. Aside from the immediate losses, businesses also incur the cost of incident response, digital forensics, regulatory fines, and legal and PR counsel resulting from long-term damage to a company’s reputation. In the healthcare sector, ransomware can even have deadly consequences.
It can be hard to keep up with the ransomware threat landscape. The following examples show the pervasive and potentially catastrophic risk that organizations in almost every industry must address.
One of the most costly and disruptive incidents of recent times is the Colonial Pipeline ransomware attack. Believed to be the largest-ever attack on an American energy system, hackers disrupted fuel supply across the East Coast for days until a $4.4 million ransom was paid (although the Department of Justice later seized the funds).
The attack was attributed to DarkSide, a relatively new RaaS group first discovered in August 2020. According to CISA, DarkSide explicitly targets large, high-revenue organizations, stating that their goal “is to make money [not create] problems for society.” The group’s ransom requests range from $200,000 to $2,000,000 – although history has shown that they are open to negotiation! In addition to the pipeline attack, DarkSide recently announced three more victims, including a Scottish construction company, a renewable energy product reseller in Brazil, and a technology services reseller in the U.S. The hackers stole client, employee, and financial data.
Colonial Pipeline wasn’t the first headline-grabbing attack on the energy and utilities sector. Four years earlier, Ukraine famously “went dark” when NotPetya took down the country’s entire energy grid. BitSight research suggests that similar attacks in the U.S. are likely: After reviewing the cybersecurity performance data of more than 2,000 U.S.-based oil and energy companies, we found that 62% are at heightened risk of a ransomware attack.
Another vulnerable and lucrative target for hackers is healthcare. Since 2009, there have been over 3,000 healthcare data breaches in the U.S. medical industry. Notable incidents in recent years include NotPetya attacks against drugmaker Merck and Heritage Valley Health Systems (both in 2017), the latter resulting in postponed surgeries. In September 2020, major healthcare provider Universal Health Services experienced a ransomware attack resulting in widespread computer systems failures. And, in May 2021, Ireland’s health service suffered a ransomware attack forcing a shutdown within its IT infrastructure.
Hackers also have the public sector and education institutions in their sights. In 2020, 33% of cyberattacks on government agencies were ransomware, disrupting missions and public services and creating a national security risk. Schools are also fast becoming a leading target.
Supply chains are an emerging trend as a vehicle for ransomware. In July 2021, the REvil ransomware group attacked Kaseya, a Florida-based software provider of a widely used remote management monitoring solution. The attack impacted Kaseya, its customers, and companies who outsource IT management to Kaseya. Hackers requested $70 million in payment.
These sectors are not alone. Manufacturing companies, financial services, retailers, and others are also vulnerable to the mounting ransomware threat.
No organization is immune from ransomware, but there are best practices you can follow to minimize the risk to your organization. While there are tools to help combat ransomware, it’s also critical to maintain a relentless focus on security hygiene. This means regularly applying software patches and proper configuration management protocols since both contribute to a heightened risk of ransomware. It also requires maintaining a continuous view of your vendors’ security postures to reduce the risk of supply chain ransomware attacks.
In fact, BitSight’s research team analyzed hundreds of ransomware events to estimate the relative probability that an organization will experience a ransomware event. Overall, the data shows that organizations with a BitSight Security Rating lower than 600 are 6x more likely to be a victim than organizations with advanced ratings. Furthermore, organizations with a less mature patching program increase their ransomware risk sevenfold.
Read more about the research, the factors that can increase your organization’s ransomware risk, and best practices to protect your organization. You can also see how your organization stacks up by requesting your Free Security Rating and Customized Report.
Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.
It’s a question more people are asking with each passing day:
How do I know if I am at risk for a ransomware attack?Unfortunately, the fact that so many are posing this question reveals how unprepared many organizations are in the face...
It happened again - another disruptive ransomware attack. On July 2, 2021 Kaseya, a Florida-based software provider that provides Remote Management Monitoring, warned of its software being abused to deploy ransomware on end-customers'...