Ransomware attack statistics
A Far Reaching Impact
Ransomware attacks have a far-reaching impact that goes well beyond the cost of paying to retrieve critical data. The latest report from IBM and the Ponemon Institute found the average cost of a data breach has risen to over $4.2 million6. This includes the cost of downtime, data recovery, lost business and the cost of notifying customers and implementing stronger security protocols.
How to defend against four types of ransomware attacks
Ransomware attacks have become organized crime, with ransomware gangs recruiting highly skilled hackers to deploy increasingly sophisticated attacks. Here are four bad actors that should be on your radar and how to mitigate them.
Threat report: This Russian-led ransomware gang was responsible for several high-profile ransomware attacks, including the Colonial Pipeline attack and the attack on JBS Foods, and the Kaseya data breach7. The US Department of Justice indicted the group8 for cybercrimes following these attacks and the alleged theft of $6 million from a cryptocurrency exchange. The REvil ransomware gang's tactics9 include breaking into networks, exfiltrating data and even deleting and disabling data backup and recovery systems so companies are forced to pay ransom if they want to stay in business. It can even inject itself into the host’s processes to impact operations. While several members of the REVil’s ransomware gang were arrested in January, the ransomware itself still poses a threat.
Threat Report: The Conti ransomware gang uses ransomware-as-a-service, meaning it pays other cybercriminals to gain access to networks primarily through malicious email attachments, stolen Remote Desktop Protocol (RDP) credentials, fake software advertised online and other means10, according to the Cybersecurity & Infrastructure Security Agency (CISA).
This Russian-based group has attacked more than 400 organizations worldwide11. It recently exploited the Log4Shell vulnerability12 to gain access to servers that would have otherwise been protected. Once the ransomware attackers gain access, they steal and encrypt sensitive data, demand ransom to decrypt it and also threaten to publicly release the data — known as double extortion. Conti ransomware can also infect other machines through shared drives and stop email, security and backup services.
Threat report: LockBit, formerly known as “ABCD ransomware” for the file extension name it uses to encrypt files13, is another ransomware-as-a-service gang believed to be six times more active than Conti and much faster at data encryption compared to other groups14. The group recruits experienced penetration testers and sends them a cut of each ransomware payment. When a victim refuses to pay, LockBit steals their files and uploads their data to their own blog on the dark web.
Cybersecurity expert Kaspersky and others believe it’s part of a larger family of attackers known as LockerGoga & MegaCortex. According to Kaspersky, its attacks are “self-spreading and targeted, using tools like Windows Powershell and Server Message Block to spread.”
Malicious Delete/Destructive Malware
Threat report: One common malware attack technique is to destroy data to interrupt critical services or business operations. MITRE lists many different tactics for malicious data destruction15, including destroying files and folders, making deleted files unable to be recovered, and overwriting files.
A Carbon Black report shared in HIPAA Journal found 45% of healthcare organizations had experienced a ransomware attack that focused on data destruction in 2019.
How to mitigate and recover from ransomware attacks
A Zero Trust security model that includes multi-factor authentication and the principles of least privilege when it comes to accessing your network and your enterprise data is an important first step. CISA also recommends filtering network traffic, scanning for vulnerabilities and using detection response tools.
With ransomware attackers that focus on data destruction, backup and recovery systems are no longer enough. You need a system that eliminates data replication, ensures compatibility with object storage locations and allows you to restore files in real time.
While no single solution can guarantee protection against ransomware attacks, the best defense is to render your enterprise data unusable to attackers and enable immediate recovery of your most important files.
1 The Record (Oct. 2021) | 2 Reuters (Dec. 2021) | 3 CRN (December 2021) | 4 Bloomberg (May 2021) | 5 US Chamber of Commerce | 6 IBM and the Ponemon Institute (2022) | 7 Reuters (Oct. 2021) | 8 The Verge (Nov. 2021) | 9 MITRE | 10 Cybersecurity and Infrastructure Security Agency (Sept. 2021) | 11 Bank InfoSecurity (Sept. 2021) | 12 ThreatPost (Dec. 2021) | 13 Kaspersky | 14 Security Intelligence (Sept. 2021) | 15 MITRE