The Ransomware Threat Report 2021 from Unit 42 shows that the average amount paid by ransomware victims tripled from 2019 to 2020.
Ransomware
Ransomware is a form of malware that encrypts the important files on a computer and the user (often a business/organisation) is given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway and paying the ransom does not guarantee that access to files will be returned to normal.
The Palo Alto Networks, Unit 42 Ransomware Threat Report shows that the average ransom paid by a victim organisation in Europe, the US and Canada trebled from $115,123 (£83,211) in 2019 to $312,493 (£225,871) in 2020. The report showed that, over the same period, the highest value ransom paid doubled from $5m (£3.6m) to $10m (£7.2m), and the highest extortion demand grew from $15m (£10.8m) to $30m (£22m).
Why?
Some of the main reasons for the increase in ransomware attacks and the increase in the amounts paid to attackers are thought to include:
– Attempts to exploit vulnerabilities/opportunities created by remote working.
– Businesses not having effective data backup procedures in place (no recoverable, workable backup).
– Costs of downtime perceived as being greater than the cost of paying the ransom. Paying the ransom, however, very often does not lead to release of the files.
– The growth of ransomware-as-a-service (RaaS), where criminals can buy or act as affiliates and rent subscription-based ransomwares (on the Dark Web) from which they earn a percentage of each ransom payment. For criminals, this method offers a low technical barrier to entry and a high affiliate earning potential.
– A growth in a more focused and thorough kind of ransomware attack where victims are researched, and their networks are compromised in advance.
Key Targets
Some of the main targets of ransomware attacks last year noted by the report include healthcare organisations, leading pharmaceutical companies, and COVID-19 vaccine research and development organisations. For example, last October, Philadelphia company eResearchTechnology (which makes software used to try and develop COVID-19 vaccines and treatments) was hit by a ransomware attack. Employees were locked out of systems and the attack had a knock-on effect that was felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19.
Double Extortion
As if these types of targeted attacks haven’t been dangerous enough, the report highlights how so-called ‘double extortion’ attacks have been on the rise. This is where, in addition to demanding a ransom to release data files, the criminal also threatens to leak some of the files/data unless the ransom is paid.
What Does This Mean For Your Business?
Ransomware attacks tend to arrive in phishing emails, so it is important that staff are aware of the dangers of clicking on suspicious links. Also, staff should be wary of Microsoft Office email attachments that advise the enabling of macros to view the content, a this can be a sign of a ransomware email.
This story also highlights the importance of making sure that data is regularly and securely backed up (to a cloud-based service) and that disaster recovery and business continuity plans have procedures for ransomware attacks built-in to them. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked/returned.
Other precautions that businesses can take to guard against these kinds of attacks include keeping antivirus software and Operating Systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, using detection and recovery software e.g., Microsoft 365 protection and Windows Security, and storing files on cloud services e.g. OneDrive/Google Drive, IDrive, or whatever work-based cloud file storage systems employees are required to use.
