Ransomware is an ever-evolving threat worldwide, affecting not only individuals but organizations, startups, governments, agencies, and high-profile enterprises. It is estimated that over 493.33 million ransomware attacks were launched globally in 2022, accounting for almost 9% of all malware attacks (Petrosyan, 2023a; Petrosyan, 2023b). As new vulnerabilities are being identified, companies are exercising scrutiny and investing more in their cybersecurity solutions.
In this blog, readers are introduced to the current state of the cybersecurity landscape and the impact of ransomware attacks on organizations. It discusses the latest ransomware trends, RaaS business models, and what threat actors are presently doing to evolve and grow sophisticated in their methodologies. Further, this blog covers the historical events associated with ransomware attacks, the top threats organizations face, and the steps that can be taken to combat and mitigate these threats.
The latest ransomware statistics show that attackers gain access to systems and plant ransomware through phishing, exploitation of software vulnerabilities, and stolen remote desktop protocols (RDP) credentials. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed that of ransomware events targeted 14 of the 16 critical infrastructure sectors in the United States. Some of these sectors were government facilities, food and agriculture businesses, and the U.S. Defense Industrial Base. Education was one of the top sectors targeted by ransomware threat actors, according to the United Kingdoms National Cyber Security Centre (NCSC-UK), which classified ransomware as the most prominent cyber threat facing the country (CISA, 2022).
The increasing sophistication of ransomware tactics requires cybersecurity authorities to evolve their mitigation, threat identification, and detection strategies. The following is a list of critical incidents that occurred in the 21st century:
1. REvil Attacks on Apple and President Donald Trump
The REvil ransomware group committed several ransomware attacks globally and became notorious for offering customized RaaS subscriptions to cybercriminals. Formed in 2019, REvil became one of the longest-running ransomware groups in history, having operated for nearly three years. They published 169 of U.S. President Donald Trumps Dirty Laundry emails after being branded as cyber terrorists publicly. They demanded 42 million USD in ransom from the involved law firm, Grubman Shire Meiselas & Sacks (Winder, 2020), and were said to be behind the leaking of legal documents of many A-list celebrities (Ilascu, 2020). The Qakbot banking trojan attacks and high-profile hits on Apple, including hacking into the companys schematics before the Apple Macbook Pros official launch, were also among their misdeeds.
2. 2022 Costa Rican Ransomware Attack
Costa Rica declared a national emergency after ransomware attacks plagued the country in 2022. The Russian ransomware gang Conti pressured citizens to force the government to pay a ransom of 20 million USD to aid their cause (Associated Press, 2022). Conti warned that they planned to overthrow the government and demonstrate its strength through a series of cyber attacks. The U.S. Department of State offered a 10 million USD reward to individuals who could pinpoint information about any member with a leadership role in the Conti group that could potentially lead to their arrest (U.S. Department of State, 2022).
Contis next attack targeted the Costa Rican Social Security Fund, which is responsible for managing the countrys health services. Later, the Ministry of Finance is said to have suffered damages, and the government was forced to declare a national emergency (Sharma, 2022).
3. Financial Trading Group ION Gets Hijacked by Ransomware Attacks
ION was hit during the first week of February by a ransomware attack and was forced to clear its derivative platform overnight to protect its clients. Wall Street Journal reported that the attack had far-reaching effects on global financial markets and had impacted them massively. Investors couldnt place bets on commodity prices, and the platform had problems with data submissions. The trading group disconnected its servers completely and restored its operations after the issue was resolved. Traders had to manually match prices during this downtime, and there were delays in financial reporting. This incident proved that even the best banks and financial institutions with cutting-edge technologies could be compromised, no matter how robust their cybersecurity policies or their level of cyber-readiness to face these threats (Toulas, 2023).
4. DarkSide Ransomware
DarkSide Ransomware is a unique ransomware strain that threat actors use to launch multiple large-scale attacks against global organizations. The first incident was seen in August 2020, and the DarkSide group evolved to operate as a RaaS provider. They have a deep history of conducting double extortion attacks, blackmailing victims into sending payments for unlocking systems, and also for retrieving exfiltrated information.
Popular tactics used by the group to target victims include privilege escalations, impairing defenses and exploiting vulnerabilities like CVE-2020-3992 and CVE-2019-5544, exploiting public-facing applications, and customized file notes and random extensions.
Many organizations invested in their cybersecurity efforts to implement effective incident response planning and mitigate their threats (Patil, 2021). Their most notable attack was the 6-day outage in the Colonial Pipeline during early May, which even the U.S. Government noted. The group even became a potential threat to national security.
The average cost of a ransomware invasion was 1.85 million USD in 2020, and attackers are getting bolder by using the latest ransomware strains to launch several threats (Sophos, 2022). Currently, the most prevalent ransomware strains in the world include the following:
Many other strains are impacting victims around the world, like Petya, Ryuk, Wannacry, GoldenEye, Cryptolocker, and NotPetya. Crypto ransomware strains encrypt files and make them inaccessible to victims unless they pay a ransom. More challenging strains are the locker strains, where victims can get locked out of the devices. In both cases, victims lose access to sensitive information and may fail to recover data on time without falling prey to cyber adversaries. It is essential to know how to protect organizations from ransomware attacks and take the steps necessary to prepare to face these threats. (Heinbach, 2020). Finally, evolving ransomware strategies include ransomware strains like HardBit, which includes explanations of how cyber liability insurance works and additional extortion. HardBit 2.0 includes text that that files were also exfiltrated with an explicit threat to release them for sale or onward publishing if contact is not forthcoming (Slaughter, 2023).
Ransomware is a significant issue faced in modern times, and its vital to minimize risks and not fall for these attacks. Some ransomware strains attack the people and not technologies, which means the use of social engineering methodologies is prevalent. Having good software as a service (SaaS) and on-premise backup programs is a start, and organizations must ensure that all their machines are kept up-to-date.
The following are some ways you can stay protected from ransomware attacks:
Conclusion
Ransomware threats have surged dramatically, and with the increased proliferation of the Internet of Things, AI, RPA, VR/AR, and 5G technologies, we can expect numbers to continue increasing in the next few years. Ransomware techniques prey on the victims gullibility and hijack systems in ways they arent even aware of. Universities, hospitals, legal offices, and several firms are facing these risks, and significant fines can be imposed on organizations if they fail to address them. The most common cause of ransomware attacks is a lack of proper data compliance, governance, and cybersecurity policy measures. Its critical to train employees to identify these threats and ensure they dont click or respond to malicious emails or links. Security efforts should also focus on identifying impersonation attempts, and organizations are beginning to take a proactive approach to threat monitoring, analysis, and security.
References
Read the rest here:
Ransomware as a Service (RaaS): Trends, Threats, and Mitigation ... - EC-Council