Ransomware attacks have been on a steady rise in 2021, both in number of ransomware attacks and also ransom amounts. There are trend shifts also in the ransomware targets, with more and more hackers pressing where it hurts most: pivotal infrastructure and software supply chains. An attack so deep into a system is bound to leave trailing mayhem…
The analysis being pulled from these changing ransomware trends does not paint a pretty picture. Almost no industry (scale or sector) can be deemed to be completely safe from ransomware. Everybody needs to beware of ransomware and implement ransomware protection tools or else brand damage and financial losses are waiting for them down the road.
Ransomware trends by attackers
As we explained in a previous blog on rising ransomware attacks, the villains behind these ransomware cases are not widely dispersed; in fact, a majority of these incidents are masterminded by only a handful of hacker groups.
In the past year, security researchers at Barracuda have studied 121 ransomware attacks, which is a 64% YoY increase.
Ransomware trends by industry targets
When it comes to the industries being targeted, municipalities, health care, and education are still in the deepest warzone. But other industry sectors are slowly being affected more and more.
Attacks on businesses working in the infrastructure, travel, financial services, and other sectors accounted for 57% of all ransomware attacks between August 2020 and July 2021. Of these, Infrastructure-related businesses formed 11% of all the ransomware attacks that were considered. Software supply chains are projected to be the next hot targets, considering the reach of damage and payday available to the hackers from this industry.
The most worrying factor about software vendors being in the crosshairs is that their products and tools often house data belonging to their customers, and their customers’ customers. When software supply chains fall prey to ransomware, this sensitive data is also at stake!
Ransomware trends by geography
When it comes to understanding the ransomware trends of 2021 w.r.t. geographical distribution, interesting findings have come to light. Ransomware has crossed the US borders and are going global with their targets. Only 44% of the ransomware incidients in the past month were recorded in the USA. 30% of the attacks happened in EMEA, 11% in Asia Pacific countries, 10% in South America, and 8% in Canada and Mexico.
Categorizing ransomware attack patterns
The methodology behind these rising ransomware attacks is also evolving. Plain vanilla phishing attacks have gone out of fashion. Now, cybercriminals are leaning more on credential theft, and though phishing is the basis of some of them, the intent and expertise in executing them is on a different level.
Hackers are becoming lazy; they want as big a blast as possible by doing the littlest amount of work possible.
That’s why, they try to steal credentials first, so that they can get full control of a system and create backdoor accounts and connecting chains (through the connected network) for perpetrating further attacks.
Also, web applications and online portals are also being targeted more, because of increased user interactivity elements. With these increased forms, hackers have a wider opportunity for farming credentials.
Ransom payment trends
This is another important aspect to investigating when studying ransomware trends. With the techniques of executing a ransomware attack, the amount demanded by the hackers has touched the skies. The average ransom demanded in a ransomware case is a minimum $10 million now.
Curiously, there is also a direct correlation between the rise in ransom demands and the growing trends of adopting cryptocurrency. This gives hackers an option to demand their ransom in a different currency than regular money, the value of which is only rocketing.
Another impetus to growing ransom demands is that more and more organizations are refusing to pay the ransom amount. So, how did ransomware victims get so bold all of a sudden? This is because more and more organizations – and this is a wonderful positive sign – are partnering with ransom negotiators and the well-equipped cyber authorities. This is a sign companies are snapping out of panic mode pretty quickly, and are proactively taking steps to pull themselves out of the mess.
Positive paradigm shifts
Legal action is surely encouraging for security providers like us. But beyond that, there have also been activities undertaken by the White House to reach out to world leaders and take stringent steps to make cyber criminals pay. In the US, decision makers and high-placed officials have had enough of these ransomware attacks and are now going on the offence. We are sure India will get there soon too.
More IT and security resources and updates.