In simple terms, ransomware is a type of malware typically used by cybercriminals to gain access to your information and then lock you out. The aim is to gain financial advantage by threatening to publish your information, and/or lock you out so you cannot access it.
The first concrete cases of ransomware were reported in Russia in 2005. Since then, ransomware has spread all over the world, particularly over the past two years.
The increase in remote working as a result of COVID-19 has created more opportunities to get ransomware into core systems and cause severe disruption to business.
Source: BlackFog, The State of Ransomware in 2021
As shown in the above diagram, the number of recorded ransomware attacks in the world has been steadily increasing over the past two years. On average, there are at least 25-30 reported attacks each month.
According to BlackFog, the top five most attacked industries by ransomware in 2020 were government, education, services, manufacturing, and healthcare, with governments encountering at least 25 attacks worldwide.
In addition to the above, there are other key reasons to take note of ransomware:
These may just seem like statistics, but there are some names behind them. Here are some of the more significant ransomware attacks that have affected companies and software you may know:
WannaCry
The WannaCry ransomware attack of May 2017 was arguably one of the most well-known ones. The software targeted and encrypted the data on computers running Microsoft Windows, with attackers demanding a ransom in the Bitcoin cryptocurrency to release it.
The attack was estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
Colonial Pipeline
Colonial Pipeline, an American oil pipeline company in Houston, Texas, suffered a ransomware attack in May 2021 that impacted its computerised equipment for managing the pipeline. Since the company is responsible for supplying 45% of diesel, petrol, and jet fuel to the United States’ East coast, the attack disrupted supplies for several days, causing fuel shortages and queues at pumps in states such as Georgia, North and South Carolina, and more.
Waikato DHB
Waikato District Health Board (DHB) in New Zealand confirmed in June 2021 that they had suffered a ransomware attack on their hospital computer systems and phone lines. An unidentified group, having obtained sensitive data about patients, staff, and finances, issued the DHB an ultimatum. A month later, the data was leaked on the Dark Web.
The ransomware attack brought the DHB’s hospitals and services to a halt and staff have had to resort to manual workarounds to continue caring for patients. Some people needing specialist treatment had to travel to other DHBs.
Kaseya
Several managed service providers (MSP) and their customers became victims of a ransomware attack perpetrated by the REvil group, causing widespread downtime for over 1,500 companies in July 2021. The source of the outbreak was traced to the Virtual System Administrator (VSA), a remote monitoring and management software package developed by Kaseya.
Kaseya ransomware attackers claimed they infected over a million systems globally and demanded $70 million in ransom. In New Zealand, there were over 100 and 11 schools affected by the attack.
For most ransomware attacks, the goal is to encrypt your data, so one of the best defence mechanisms against it is to have a robust offline backup system in place and test it regularly by restoring the backup.
Regularly patching your applications and operating systems can greatly protect you from ransomware attacks. Most ransomware attacks rely on known vulnerabilities that have been exploited in the wild for weeks or even months, so applying the latest security patches makes it harder for cybercriminals to take advantage of these known security loopholes.
Enforcing multifactor authentication (MFA) to access the network or log in to corporate accounts makes it more difficult for cybercriminals to gain access.
Ransomware is a malicious payload that is downloaded onto a device. Therefore, the most common and easiest way for ransomware to infect your device is when you click on a phishing link in an email.
Cybercriminals may leave a USB key inside or outside a workplace to entice staff to plug it into a computer. Once it is plugged in, the malicious payload will be automatically installed onto the computer.
When connecting to a public Wi-Fi network, your device is more vulnerable to ransomware attacks. This is because it opens the opportunity for others to see what you are doing online, including your usernames and passwords.
Don’t wait until your organisation has suffered a ransomware attack to start getting ready for it. If you found the above information useful, please reach out to us for a quick no-obligation chat about performing a full cyber posture assessment of your organisation to better protect against ransomware attacks.
In the meantime, here is a quick ransomware preparedness checklist you can use to get you started on your cyber security preparedness:
We can help you protect your valuable assets and brand reputation. Following an international best practice methodical approach, we provide you with in-depth reports into weaknesses that attackers could exploit in your specific systems. We can then work with you to close these loopholes.
Find out how Planit’s three-pronged approach to security testing can help you protect your systems by addressing development, use, and infrastructure.