There may have been a distant hope when 2020 ended that the sharp rise in ransomware attacks would recede as the economy entered recovery. Unfortunately, that may have been a pipe dream.
Here’s just a snapshot in time of recent attacks:
- DarkSide, the same ransomware group that extracted a $5 million payment from US energy supplier Colonial Pipeline, also attacked the European unit of Toshiba (with undisclosed results), according to Reuters.
- Ireland’s state health services said it will probably spend tens of millions of dollars this year to revamp its IT infrastructure after a ransomware attack, said a May article by Reuters.
- The Financial Times reported that multinational insurance company AXA said it had been the victim of a “targeted ransomware attack.” Cybercriminals claimed to have seized sensitive data that affected operations in Thailand, Malaysia, Hong Kong and the Philippines.
It’s hard to get definitive data on the scope of ransomware. Each source differs, but they all point to a huge increase last year and this.
Coveware, a security firm that helps companies in ransomware attacks, reported average ransomware payments in Q1 rose to $220,298—a 43 percent rise over Q4 2020. The median rose as well—by 59 percent in Q1 compared to Q4. The median payment in Q1 was approximately $78,400.
A worrying trend is the increased use of data exfiltration followed by the threat of leaking that data if payments are not made. A good example this year was when Canadian aviation company Bombardier announced that some of its sensitive data had been leaked.
Another trend is the increasing sophistication of the ransomware “ecosystem.” Sometimes called “gangs,” these ransomware groups really operate as groups of specialists who work on various steps of a data breach or malware attack. They then sell access to their work in return for a cut of payments.
The Colonial Pipeline attack demonstrated just how vulnerable critical infrastructure can be. Earlier this year, unpatched Microsoft Exchange servers were the target of a widespread theft of data affecting some 60,000 private companies, as reported by Bloomberg.
The Wall Street Journal recently reported that the Justice Department formed a ransomware cybersecurity task force. The article quoted Acting Deputy Attorney General John Carlin’s dire warning: “If we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”
We all wish the news was better, but it really does seem like any business not backing up and protecting its core data is flirting with disaster.