
Ransomware attacks have increased in number and strength. Cyber crooks are getting better at infiltrating organizations and launching these assaults. Some of the larger attacks we have seen in the news lately have crippled infrastructures and end users.
- Colonial Pipeline: This attack disrupted a major supply of fuel to the East Coast for nearly a week.
- SolarWinds: Not officially ransomware but a supply-chain attack; equally detrimental to an organization.
- Kaseya: Because Kaseya is a managed service company, this attack affected many of its customers.
What is ransomware?
Ransomware is malicious software that hackers use to infect your system, making it virtually unusable, encrypting (and/or stealing) your data and then asking for a ransom in order to make it all go away. Miscreants will take advantage of security holes or use social engineering to execute the attack. An attacker can infiltrate your systems and lie dormant for months before executing the attack.
Scale of operations
Large corporations and businesses are not the only targets of ransomware crooks. In 2021, schools were targeted more frequently. Contributing factors include a lack of security, training and funding, underlining the increased need for security awareness education.
Who is doing this?
Ransomware gangs exist around the globe, but most of these threats originate from Russia. The predominance of gangs working in jurisdictions outside of the United States makes it difficult for law enforcement to reach them.
End goal
Ransomware operations have gotten easier for the crooks to execute, and the payoffs are quite large. There was a brief decline in ransomware assaults in 2018 due to the increase in the value of cryptojacking (illegal cryptomining). Since cryptocurrency has not returned to previous all-time high levels, ransomware activities have increased.
To pay or not to pay?
The decision to pay criminals in order to receive access to data and return to normal operations is not an easy one. This year, more than half of the victims decided to pay. Of those who decided to pay, only about a quarter regained full access (according to a survey conducted by Kaspersky). In the case of the Colonial Pipeline ransom, the company paid approximately $5 million. The Department of Justice was able to recover $2.3 million.