It seems like almost every month, we hear news of a major ransomware attack on another business. This is in stark contrast to just a few years ago. Although ransomware attacks are far from a new threat, they weren’t nearly as prevalent as they are today. This raises the question—what is fueling the recent surge in ransomware attacks against businesses?
To fully understand how bad ransomware is, it’s necessary to know what it is and how it differs from other cyberattacks. Ransomware is a type of malware that encrypts anything from files to your operating system. You essentially lose access to anything the malware infects until the culprit chooses to decrypt your system. True to its name, hackers use this malware to hold your information for ransom.
Ransomware is specifically designed to spread across a network, affecting multiple devices that are connected to that network. It’s a very effective form of cyberattack that can quickly paralyze an organization. Just this year, a number of big-name organizations have learned this lesson firsthand.
Unfortunately, the people who carry out ransomware attacks are only getting bolder. As a result, we are seeing a growing number of cases every year. It has become so problematic, in fact, that the Biden administration has made stopping these attacks a national security priority. The exact reason why ransomware attacks are increasing, however, involves a complex blend of factors.
The upward trend seems to be linked to geopolitical, behavioral, and cybersecurity issues. On the cybersecurity side, more businesses than ever are relying on digital infrastructure. Yet these companies aren’t investing in the cybersecurity solutions they need to protect themselves. Additionally, ransomware attacks have become easier to execute, and payment methods are much more criminal-friendly these days.
For example, cryptocurrencies like Bitcoin, Ethereum, or Dogecoin provide a way for people to be paid anonymously. Although every transaction is transparent and trackable, no one has to provide identifiable information to create an account. This makes it difficult to link an account to a specific individual. It is a perfect avenue for hackers to collect unlimited anonymous payments from their victims.
Then there’s the way companies behave after a ransomware attack. Some companies choose to pay the ransom, but it’s recommended that you never give in to a hacker’s demands. Paying the ransom only encourages the cybercriminal to do it again. There’s also no guarantee that the culprit will unlock your system after payment.
Finally, there’s the geopolitical aspect that involves ransomware gangs. These gangs not only create new ransomware and target corporations, but they also lease their product to anyone willing to pay the price. Most ransomware gangs hide in jurisdictions that can’t be reached by US law enforcement—like Russia. Unsurprisingly, these groups often go unpunished even when they admit their crime.
We have just entered the second half of the year and we’ve already had more ransomware attacks on critical infrastructure, schools, businesses, and healthcare networks than in previous years. However, some attacks were more notable than others. Here are some of the most damaging ransomware attacks we’ve seen in 2021.
- National Basketball Association: It doesn’t matter what industry you operate in; any business can become a target. One of this year’s more surprising victims was the NBA. In mid-April, a hacker group called Babuk claimed to have stolen 500 GB of confidential data concerning the Houston Rockets.
- Acer: In May, this well-known PC manufacturer was targeted by the hacker group REvil. The cybercriminals managed to steal files and leaked images of sensitive financial documents. The $50 million ransom REvil demanded is one of the highest ransom demands to date.
- CD Projekt Red: Gamers know CD Projekt Red as the popular Polish video game development studio responsible for the Witcher and Cyberpunk series. In February, the firm was hacked by the HelloKitty gang. The hacker group accessed source code to game projects in development and encrypted devices.
- Colonial Pipeline: Colonial Pipeline is the East Coast’s largest supplier of fuel. In early May, it was hit by a ransomware attack from the group DarkSide. As a result, the East Coast’s fuel supply was disrupted for several days.
- JBS Foods: Shortly after the Colonial Pipeline attack, REvil carried out an attack against one of the biggest meat processing companies in the world. Although there were no food shortages during this time, it was discovered that JBS paid the group $11 million.
Ransomware is indeed troublesome, but that doesn’t mean your organization can’t protect itself. Here are a few steps your company can take to greatly reduce your chances of becoming a victim.
- Educate Your Employees: Educate your staff on the dangers of ransomware and other cyberthreats. Providing online courses, learning tools, and other helpful items can boost their understanding of the subject.
- Train Your Employees: In addition to education, you should train your workforce on how to spot suspicious activity.
- Change the Culture: Create a work culture that encourages following cybersecurity best practices.
- Maintain Communication: Maintain ongoing communication about cybersecurity by providing reminders.
- Configure Your Filters: Configure your anti-spam filters to flag file types commonly used to hide ransomware like .exe and .vbs.
- Create Backups: Frequently back up crucial files and systems so they can be recovered if a ransomware attack occurs.
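As an illustration of the filter step above (an added example, not part of the original article or any RCS Secure product), the following sketch flags attachments by extension the way a mail gateway rule would. The blocked set contains only the two extensions the article names; the function names and the sample message are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the article; extend this set to match your own policy.
BLOCKED_EXTENSIONS = {".exe", ".vbs"}


def risky_attachments(raw_bytes):
    """Return (filename, reason) for every attachment a filter should flag."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Normalise case and drop trailing dots/spaces, which Windows
        # ignores when it decides how to open a file.
        clean = name.strip().rstrip(". ").lower()
        suffixes = ["." + s for s in clean.split(".")[1:]]
        if not suffixes or suffixes[-1] not in BLOCKED_EXTENSIONS:
            continue
        if len(suffixes) > 1:
            # e.g. invoice.pdf.exe: the real type hides behind a harmless one
            reason = "double extension ending in " + suffixes[-1]
        else:
            reason = "blocked extension " + suffixes[-1]
        findings.append((name, reason))
    return findings


def build_sample():
    """Constructed test message; attachment bodies are placeholder bytes."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "staff@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for fname in ("report.pdf", "Invoice.pdf.EXE", "update.vbs."):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"FLAG {name!r}: {reason}")
```

Matching on the filename alone misses executables inside archives or files renamed to an allowed extension, so a filter like this works best alongside content-type inspection.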
Being proactive in your cybersecurity efforts is the best way to prevent ransomware attacks. RCS Secure provides multi-layered protection to keep your business safe. Our advanced security solutions are capable of detecting cyberthreats before they can affect your network.
Contact us today to learn more about how RCS Secure keeps your business safe.
RCS Secure offers a full spectrum of cyber security safeguards and services. Our services combine compliance standards expertise with cutting-edge technology to identify risks, prioritize remediation, and ensure you are both secure and compliant.