From a local food retailer to a multi-national company, ransomware attacks continue to loom over cyberspace. Ransomware operators target victims by encrypting their sensitive files, paralyzing operations, and demanding high ransoms. They also threaten victims by posting the stolen data on darknet forums. According to a global investigation, ransomware attacks are the most observed security threats in 2020, accounting for one-third of all cyberattacks as of September 1, 2020, with Ryuk, Sodinokibi, and Maze as the most observed ransomware variants.
By Rudra Srinivas, Feature Writer, CISO MAG
Nearly 56% of organizations reported a ransomware attack in the last year. It is suspected that the rising ransomware attacks may impact almost all businesses globally of all sizes and sectors. These are the most targeted and affected industries by ransomware attacks in 2020:
The year 2020 witnessed a huge surge in ransomware attacks targeting schools, colleges, and other academic institutions in the country. Threat actors demanded Bitcoins as ransom from the victims and threatened to expose the stolen data of students if not adhered to. Recently, the University of Utah’s College of Social and Behavioral Sciences (CSBS) paid a ransom of $457,059.24 to the attackers to retrieve the decryption key to the seized information. Unknown threat actors encrypted the data stored on CSBS computing servers and stole certain unencrypted data before encrypting the systems.
Ransomware attacks impacted over 86 universities, colleges, and disrupted operations of nearly 1,224 individual schools last year. The U.K.’s National Cyber Security Centre (NCSC) warned educational institutions to be vigilant of rising ransomware attacks and urged them to follow the required mitigation measures.
In a recent joint advisory, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that ransomware, malware, and DDoS attacks are the main threats for K-12 educational institutions. The three government agencies stated that ransomware operators continue to target schools through the 2020-2021 academic year.
2. Information Technology
The information technology (IT) sector faced multiple challenges in 2020 while adjusting its operations according to the aftermath of the pandemic. From securing the distributed networks to defending from sophisticated cyberattacks, it has been a roller-coaster ride for most corporate organizations. Ransomware operators succeeded in targeting large organizations and forcing ransom payments. The average enterprise ransom payments increased 33% ($111,605) in Q1 of 2020 from Q4 of 2019, according to a research report.
Recently, IT services provider Cognizant suffered a Maze ransomware attack that caused service disruptions for some of its clients. The Maze ransomware operators made headlines in recent months for holding its victims’ systems and threatening to leak their information if they fail to pay the ransom.
3. Health Care
The health care providers are primarily targeted and most affected by ransomware attacks in 2020. While hospitals across the globe are preparing to deploy the vaccine for COVID-19, opportunistic cybercriminals are finding their way to exploit the resources and valuable medical data. Recently, there were a series of Ryuk ransomware attacks targeting multiple hospitals in the U.S. Cybercriminals compromised critical network systems across six hospitals on the same day. The Department of Homeland Security (DHS), CISA, and the FBI jointly issued a red alert to all hospitals and health care providers across the U.S.
According to a survey from privacy website PrivacyAffairs.com, health care data breaches increased by 2,733% between 2009 and 2019 in the U.S., at an average of 1.4 breaches exposing at least 500 records per day. The survey also found that there were over 3,054 data breaches of health care records over the past decade.
Ransomware attacks continue to be the most concerning threat to retail enterprises in 2020. Recently, an unknown ransomware gang attacked popular Indian sweets and snacks company Haldiram. The attackers compromised the company’s critical data and demanded ₹7.5 lakh (approximately $ 10,220) ransom.
Earlier, security firm Cyble claimed that a threat actor group “John Wick” demanded ransom after gaining unrestricted access to a database belonging to Paytm Mall, an Indian e-commerce unit of payment solutions provider Paytm. Cyble stated that the group uploaded a backdoor/Adminer on the company’s website to obtain access to their production database and compromised all accounts and related information of the company. Paytm Mall denied the data breach allegations saying that the company’s data is secure.
According to a report, organizations in India suffered over 1.45 million ransomware attacks, including data breaches, hacks, and other security incidents between 2015 and 2020.
Ransomware: A Lucrative Business for Cybercriminals
Ransomware actors are openly demanding a higher ransom. They have diversified ransomware attacks by incorporating new revenue streams like forcing victims by threatening to expose their sensitive data online and auctioning off victims’ data to other criminals on the dark web. Putting ransomware on a computer is the most successful way for cybercriminals to churn out money. It continues to be a hot topic, and though paying the ransom is a personal choice, businesses need to rethink how they can step-up their security game to protect customers.