Going into 2021, ransomware attacks show no signs of slowing. They are becoming more targeted, more sophisticated and more costly. On March 18, 2021, details of a record-breaking double-extortion cyber attack first emerged: financial data exfiltrated from Acer by the REvil gang was published to its dark web leak site after initial negotiations broke down.
A growing number of ransomware attacks have plagued organizations across many sectors, including healthcare, government, education, manufacturing, and professional services.
Municipal governments, universities and private businesses have spent more than $144 million responding to the biggest ransomware attacks of 2020 (so far), spending on everything from rebuilding networks and restoring backups to paying the attackers' ransom. The cost includes investigation and remediation expenses, and the ransoms paid by some of the targeted organizations.
According to the report, the average ransom payment in the second quarter of 2020 increased by 184% to $36,295, compared to $12,762 in the first quarter of 2019.
Nevertheless, the ransom is not the only loss companies face when attacked by ransomware: the cost of the downtime caused by ransomware, measured in lost productivity, is usually five to ten times the ransom amount itself. According to the same report, average downtime also grew in the second quarter, from 7.3 days to 9.6 days compared to the first.
The Key Targets
When ransomware first came into the picture, it targeted some of the wealthiest businesses with inadequate cybersecurity infrastructure. Over time, as those defenses matured, attackers began targeting specific businesses instead. Today, ransomware attacks are focused on industries holding some of the most important data, which can be exploited in many ways. Some of the top targets for ransomware include:
Healthcare
Well-known ransomware victims like the United Kingdom's National Health Service and the Hollywood Presbyterian Medical Center only partially reveal the magnitude of a threat that is global in scope and continues to expand at a frightening pace. Healthcare executives need to deploy a battery of technologies, methods, and policies to prevent ransomware attacks from bringing down important systems across their institutions, from patient records to care supervision to point-of-care instrumentation.
For instance, Luxottica of America recently reported a patient data breach that impacted 829,454 patients. Prior to that disclosure, the company had suffered a ransomware attack, and the Nefilim ransomware threat actors have since leaked data allegedly stolen from the vendor on the dark web in a number of installments.
Education
Notable ransomware victims like University College London, Los Angeles Valley College, and the University of Calgary only partially reflect the magnitude of a peril that is global in scope and continues to expand at a frightening pace. Education executives need to deploy a battery of technologies, methods, and policies to prevent ransomware attacks from bringing down crucial systems across their institutions.
The education sector presents an irresistible target to ransomware criminals for several reasons. Students are often involved in risky online behaviors that expose them to ransomware, such as opening email attachments without appropriate care and visiting websites trafficking in pirated movies. In addition, the highly open and interconnected nature of campuses opens up multiple malware infiltration points: once a weak link is found, ransomware can spread quickly from student to faculty to staff PCs and servers. Finally, cost pressures have made it challenging for some institutions to fund IT security investments; the education sector generally lags well behind sectors like banking, retail, healthcare, energy, and government in the flexibility of its tech infrastructure. This mixture of factors has made education the most sought-after target for ransomware attacks.
Airgap Defense: Airgap’s Zero Trust Isolation technology blocks all unauthorized lateral movement within the network.
For instance, Hartford, Connecticut public schools were forced to postpone the first day of school, set for Tuesday, Sept. 8, after a ransomware attack caused an outage of critical systems. Reportedly, the City's critical systems were damaged over the weekend and restoration is still not complete. Hartford Public Schools has approximately 300 servers, and more than 200 of them were hit in the ransomware attack.
In a recent bout of attacks, the Southeastern Pennsylvania Transportation Authority (SEPTA) was unable to provide real-time transportation information after an attack caused its systems to fail. SEPTA declined to provide further information about the attack, but experts speculate that the disruption to its systems has been significant.
At the same time as SEPTA was dealing with its crisis, another large-scale attack hit Hall County Government in Georgia. While officials did not release details of how the attack happened or what was being done to resolve it, government offices including the courthouse, community centers, and the sheriff's precincts experienced issues with phone and email services. It is thought that no employee or resident data was compromised.
Energy & Utilities
Energy and utility organizations are attractive targets, as they are especially likely to draw malware (or ransomware) attackers who are interested in damaging a particular city, state, or country.
Electric utilities can be considered one of the top targets for hackers. These hackers are ultimately concerned with cutting off power, but at present they are more interested in examining these networks and laying the groundwork for such attacks in the future. In the meantime, cybercriminal organizations may compromise the front-office networks of utility operators, either by design or by accident. As the professionalization of the hacking community advances and the Dark Web emerges as a robust marketplace for advanced hacking tools, other threat actors could target utilities too, such as terrorists and hacktivists.
Consider Your Ransomware Remediation Strategies
2020 began with a New Year's Day breach at Travelex Corp, which reportedly forced the currency exchange company to pay a $2.3 million ransom. In February, Danish facilities-management business ISS World was also hit with a massive ransomware breach. ISS estimated that total costs could exceed $100 million, called off a proposed dividend payment, and announced that the combination of the pandemic and the breach was blocking "a number of fundamental priorities."
Similar problems hit Cognizant in the early days of the COVID-19 pandemic. The IT services organization suffered a ransomware attack that management estimated would cost the company $50 million to $70 million.
Manufacturing businesses targeted by ransomware included Honda Corp, which experienced an attack that halted production at several facilities. Appliance manufacturer LG, Fisher and Paykel, and Mitsubishi were also reported to have been targeted. But ransomware attacks have hit industries in all sectors, from retail to religion.
It is also worth mentioning that a global ransomware attack affected more than 200,000 computers in 150 countries, forcing European schools, hospitals, and factories to curtail operations. Regardless of the industry one operates in, the data and findings above highlight the need for a ransomware plan and a remediation plan. There are many cases in which ransoms have been paid but companies did not get their data back.
Airgap Defense: Airgap prevents any lateral scanning attempt. Under Zero Trust, if an intruder breaches the perimeter controls, exploits a misconfiguration, or bribes an insider, they will have extremely restricted access to sensitive data, and safety measures will be in place to identify and respond to suspicious data access before it becomes a threat.
There are several sound remediation strategies available, based on best practices in the field, starting with backing up and restoring your data. To do this, you need a good backup strategy so that uninfected data can be retrieved in the event of an attack.
Even so, be aware that relying solely on backed-up data may be inadequate, as malware authors are starting to create ransomware variants that also encrypt backup solutions before infecting computers. If this happens to you and you attempt to restore your data from a backup, you will be unable to do so because that copy will already be encrypted. This is not yet considered a widespread ransomware attack method, but it is something to be conscious of as you refine your remediation procedure and determine the best way to overcome a potential ransomware catastrophe.
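One way to catch the failure mode just described, an added example that is not Airgap's code or part of the original post: a small Python tool that records a SHA-256 manifest of a backup set at backup time, keeps that manifest out-of-band (offline media or a write-once store), and at restore time flags files that are missing, changed, or changed and now look encrypted (high Shannon entropy). All file names, sample contents and the entropy threshold are constructed for the demo.

```python
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Entropy above this (bits per byte, maximum 8.0) is typical of encrypted or
# compressed data; plain text and most documents sit well below it.
# Constructed threshold for this example, tune it for real backup sets.
HIGH_ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Record the SHA-256 of every file under the backup root.
    Store the result OUTSIDE the backup volume: an intruder who encrypts the
    backups must not be able to rewrite the manifest to match."""
    return {
        p.relative_to(backup_root).as_posix(): sha256_file(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the current backup set against the trusted manifest.
    Returns {relative_path: status} with status one of
    OK, MISSING, MODIFIED, or MODIFIED_HIGH_ENTROPY (likely encrypted)."""
    results = {}
    for rel, expected in manifest.items():
        p = backup_root / rel
        if not p.is_file():
            results[rel] = "MISSING"
            continue
        if sha256_file(p) == expected:
            results[rel] = "OK"
            continue
        entropy = shannon_entropy(p.read_bytes())
        results[rel] = (
            "MODIFIED_HIGH_ENTROPY" if entropy >= HIGH_ENTROPY_THRESHOLD
            else "MODIFIED"
        )
    return results


def demo() -> dict:
    """Constructed scenario: three backup files are recorded in a manifest,
    then one is overwritten with random bytes (standing in for ransomware
    encryption of the backup) and one is deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "db").mkdir()
        (root / "db" / "customers.sql").write_bytes(
            b"INSERT INTO customers VALUES (1, 'alice');\n" * 200)
        (root / "notes.txt").write_bytes(b"quarterly report draft\n" * 100)
        (root / "config.ini").write_bytes(b"[backup]\nretention=30\n")
        manifest = build_manifest(root)  # would be copied offline here

        # Simulate the attack from the text: os.urandom gives the
        # high-entropy output a cipher would produce.
        (root / "db" / "customers.sql").write_bytes(os.urandom(8192))
        (root / "notes.txt").unlink()

        return verify_backup(root, manifest)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:22} {path}")
```

The hash check alone tells you a backup is no longer the one you took; the entropy check is what distinguishes an ordinary change from a backup that has itself been encrypted, which is the case where a restore would silently fail. The manifest is only trustworthy if it is stored somewhere the backup host cannot write to.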
About Airgap Networks
Airgap helps implement comprehensive Zero Trust in minutes, without the need for agents, APIs, or forklift upgrades. The patent-pending Zero Trust Isolation platform provides protection against threat propagation. Airgap's solution can be deployed in minutes, not months. Visit airgap.io to learn more or to schedule a demo.