Ransomware attacks are on the rise as new and sophisticated groups emerge due to their lucrativeness. A U.S. Treasury Department report discovered that over $600 million in ransoms were paid in the first half of 2021 alone. Ransomware groups extorted at least $457 million from victims in 2022.
Established criminal groups are also adding the illegal activity to their portfolio, increasing the volume of attacks higher than ever. Ransomware attacks have been observed to be more profitable than online banking attacks.
The seriousness of ransomware was borne out by the Colonial Pipeline attack in April 2021. Colonial Pipeline delivers petrol (gasoline) to much of the East Coast of the U.S. In an interview, the company’s CEO, Joseph Blount, revealed he authorized a ransom payment of $4.4 million in response to the cyberattack.
Chestnut Hill Technologies have passed onto Digital Journal information that suggests that many businesses only have simple detection systems in place. This made the preparedness of these businesses against ransomware questionable, as ransomware attacks also require effective real-time responses.
The intelligence continues, suggesting ransomware attackers are now more professional than ever, collaborating with others worldwide to increase their attacks’ impact and cover their tracks.
The first line of attack is usually capturing login details of an employee or security loopholes to access an organization’s network.
The groups responsible for this, Chestnut Hill Technologies state further, tend to specialize in phishing and are mostly initial access brokers, and they, in turn, sell the captured data to the actual ransomware attackers. The attackers will try to take over the company’s network, and if successful, they will implement different strategies to get a ransom.
Some of their methods include:
- Downloading a copy of the company’s data and encrypting the original files to prevent the victim from accessing them.
- Threatening to cripple the company’s operation using DDoS attacks.
- Publishing the name and details of the attacked company on their leaked sites where the news might be picked by journalists who monitor the dark web. They may also inform the company’s partners of the attack. This strategy is to cause panic and damages the firm’s reputation.
- Setting a deadline for payment.
Industries that are prone to ransomware attacks
Any company is prone to ransomware attacks. Since the primary aim of the cyberattack is to get a ransom, the culprits usually go after businesses and organizations that can afford to pay well.
Some of the industries most targeted include:
- Government
- Education
- Healthcare
- Services
- Technology
- Manufacturing
- Retail
- Utilities
- Finance
Preparedness of businesses against ransomware attacks
More companies are now aware of ransomware attacks and taking precautions to prevent them, finds Chestnut Hill Technologies. Unfortunately, a lot of these businesses focus solely on the technology aspect. Instead, a holistic approach is the best defence against this form of cyberattack. Phishing remains the tool of choice for many malicious actors. Clicking a link from a phishing email can give threat actors access to the company’s network.
This is why educating employees about phishing and proper methods of safeguarding sensitive data is essential. In addition, regular data backup can provide some protection from cyberattacks but may be ineffective in the event of an exfiltration by the attacker.
It is also essential for businesses to develop a response plan in preparation for future attacks. In the event of an attack, the incident response plan should be followed, notably notifying senior management and the legal department.
