It works: Data is digital gold. Our data is valuable, and for many of us—individually and at the organizational level alike—it’s mission critical. Losing access to it can have disastrous effects on daily life. The effect of data sold to third parties can be a destructive force for years. Threat actors are well aware of all this. It is Marketing Ransomware 101: This is going to hurt.
It’s getting worse: The FBI reported a 62% year-over-year increase in the first half of 2021 vs the first half of 2020.
It’s also getting more expensive: The average cost of a ransomware attack in 2021 is $1.85 million — that’s factoring in downtime, device costs, ransom paid, higher insurance premiums, etc. And that’s a lot of profit or investment money in the burning Dumpster of lax cybersecurity protocols.
Companies and organizations are willing to pay up: Let us never speak of this again, seems to be the rules of engagement. Roughly sixty percent of workers in senior positions indicated that they would pay a ransom to get back their data. Colonial Pipeline paid $4 million, JBS paid $11 million. It’s easy to point fingers here, but it’s understandable: Companies are willing to cough up the ransom in the face of an extinction-level event. Until they learn to say no, the ransomware scourge will worsen.
Target USA: More than half of the reported ransomware attacks have hit targets in the United States. Unsurprisingly, ransomware attacks against Russian organizations are few and far between (or kept under wraps). If the trend keeps up, ransomware may get a budget line in the Russian GNP.
If a supply chain can be hit, it will be hit. Industry and manufacturing targets are the favorites: No sector is safe from ransomware attacks; healthcare, education, local governments and non-profit organizations have all been hit. But industrial goods and services are still at the top of the list: Industrial targets rely on a constant and consistent level of output and are most threatened by the prospect of unintended downtime. They are also heavily reliant upon supply chains.
It’s the email, stupid! Spam and phishing emails are the most common point of entry for threat actors. Email is easy to spoof and universal, which makes it possible to find someone who shouldn’t have computer privileges and send them a link that takes an entire company offline. But seriously, who among us hasn’t clicked first and asked questions later? Email is a popular vector because it’s easy to socially engineer.
Threat actors are finding more ways to make it profitable: Initial ransomware attacks were single-stage, i.e. “pay us to restore access to your data.” Then came double extortion attacks, which meant that victims needed to pay for restored access to your data AND another payment to not leak any compromised data. 70 percent of reported ransomware attacks have now opted for this method. Ransomware thugs are now using triple extortion, which means threat actors will attack a victim’s clients or suppliers. The entire supply chain is an all-you-can-extort buffet.
The party may not be over, but the cops are outside with flashlights. Law enforcement agencies are stepping up arrests and prosecutions: It’s far too early to tell how much of a difference it’ll make in the long run, but law enforcement agencies have made several high-profile arrests and prosecutions. Since February 2021, authorities have arrested five REvil affiliates allegedly responsible for 5000 ransomware attacks. Greater cooperation between nations seems to be helping make progress.