If someone were to name the worst threats of the last 12 months, they would be coronavirus for physical health and ransomware for digital health. Ransomware has become a cyber-criminal success story. In 2021, the world saw the largest ever ransom demand, equating to $50 million. In 2020, 61% of companies were victims of ransomware and 34% lost their data forever, even if they paid the ransom.
Researchers expect that ransomware will continue to be the #1 threat to businesses throughout 2021. Here’s a look at where those ransomware threats have become reality, so far, in 2021.
2021 brought a multitude of ransomware attacks against businesses across the spectrum. Most of those making headlines carried massive ransoms of multiple millions of dollars. Many shared a common theme: attacks initiated by hacking groups that took advantage of stolen credentials and phishing to deploy the ransomware. Many ransomware attacks now also use a double-whammy method of extortion: encrypting files for peak disruption of operations, and stealing data to leverage payment of the ransom in case the company has backup systems in place. Here is a taste of the type of ransomware attacks doing the rounds in 2021:
The U.S. education sector was the victim of many ransomware attacks in 2020, and 2021 is continuing this trend. In March 2021, the Buffalo Public School system suffered a ransomware attack that closed the entire school system and impacted the automated functions controlling the operation of heating and cooling systems. A statement from Buffalo Schools said the school was "actively working with cybersecurity experts, as well as local, state, and federal law enforcement to fully investigate this cybersecurity attack." The FBI determined the ransom was between $100,000 and $300,000.
Electronics manufacturer Acer was the victim of a ransomware attack in March 2021. The attack involved the largest ransom in history with a demand of $50 million. The attack is believed to have been executed by the infamous hacking group REvil, also known as Sodinokibi. The ransomware was used to encrypt data, as is expected from a ransomware attack, but in addition, a large amount of data was stolen. This ‘double-whammy’ tactic of encryption PLUS data theft is now commonly employed during ransomware attacks to add pressure to pay a ransom. REvil is known to use phishing and Remote Desktop login using stolen credentials to initiate ransomware infection.
In May 2021, Colonial Pipeline, a company responsible for 45% of all fuel consumed on the U.S. East Coast, was the victim of a massive ransomware attack. The attack shut down the infrastructure of Colonial Pipeline, affecting 50 million customers. A hacking group known as DarkSide was behind the attack. Again, the attackers not only encrypted files and data using the ransomware but also stole over 100 gigabytes of data. The ransom was the equivalent of $4.4 million in bitcoin, and the stolen data was leveraged to pressure the company into paying up. The attack is believed to have begun with a compromised password that was part of a larger haul of compromised credentials for sale on the dark web.
At the end of May 2021, JBS USA acknowledged that they were a victim of the prolific ransomware hacking group REvil. The attack forced the company to shut down operations. In a statement on the attack, JBS said that they were able to be "fully operational after resolving the criminal cyberattack" due to a "swift response, robust IT systems and encrypted backup servers". The company did, however, pay the $11 million ransom demand; JBS stated that it did so to prevent data from being stolen and leaked.
Looking at the tactics of hacking groups provides an insight into what works and will therefore be repeated. The common theme in 2021 is the use of both encryption and data exfiltration. Stolen data gives the hackers a backup plan against common anti-ransomware security measures, such as keeping secure data backups that can quickly replace encrypted data. Whilst these measures remain important, the additional countermeasure of data theft has given hacking groups extra leverage over an infected company to ensure the ransom is paid.
Digital threats, like health threats, are best prevented. As many ransomware infections require a person to make a mistake, such as clicking on a phishing link or navigating to an infected website, closing off this entry point is a crucial part of preventing ransomware infection. To do so, an organization can deploy anti-phishing in the form of a smart monitoring system that stops complex threats like ransomware in real time, before they become an infection.
Prevent ransomware attacks with WebTitan DNS Filtering. Protection against malware, ransomware, and zero-day threats. Try it today and get set up in less than one hour. Start a 14-day free trial.