With 2020 coming to an end, after what felt like an eternity to many, cybersecurity & technology firm CrowdStrike have released their annual ‘Cyber Front Lines’ incident-analysis report, and it contains much food for thought. One of the more striking figures is that more than half of the cyber attacks they investigated involved ransomware, a form of malware which encrypts any files it can find and keeps them locked until a ‘ransom’ is paid. Ransomware attacks are known to be extremely destructive, spreading quickly through networks and shutting down critical operations as they go.
Financially-motivated attacks in general, the majority of which were ransomware-based, made up 63% of the more than 200 incidents they responded to, demonstrating that the file-encrypting malware is big business for cyber criminals, and not going away any time soon.
Over the last few years, there has been a notable shift in how cyber criminals orchestrate their attacks on organisations. Rather than attempting to steal Personally Identifiable Information (PII) to sell on the dark web or other nefarious corners of the internet, cyber criminals are now moving their focus to disrupting business operations in the hopes of scoring a hefty ransom.
“The theft of data is bad, but what we are seeing now, the disruption of operations and destruction of data, is a whole new dynamic, and it really creates critical concerns for companies,” according to CrowdStrike’s CSO Shawn Henry. “We have seen companies shut down for weeks or months, or at least part of their network, … so the impact on operations is significantly more critical than the theft of PII”.
CrowdStrike also found that criminals are likely to attack the same targets multiple times, with 68% of the organisations that leveraged CrowdStrike’s expertise and security suite being attacked again within 12 months of an initial cyber attack. In their global threat report, released back in November, CrowdStrike found that of the organisations which reported being the victim of a ransomware attack, almost a quarter were attacked multiple times in the same year.
“Information security is not unlike physical security,” says Henry, a former FBI special agent. “If you think about the physical world, and you have bank robbers, they are going to keep going until they get caught. It is similar here with these actors. Until you actually stop the actors, this will continue.”
Ransomware was a relatively obscure term to many until 2017, when large-scale attacks such as WannaCry and NotPetya shocked the world by causing huge disruption to both private businesses and public-sector organisations, including critical national infrastructure and hospitals. In fact, hospitals and healthcare facilities in general have long been a traditional target for ransomware-wielding cyber criminals, as encrypting their systems can threaten patient care and create maximum urgency to pay the ransom.
While some cyber crime groups actually stated their intention to avoid attacking critical medical infrastructure with ransomware and other malware for the duration of the Covid-19 pandemic, these ‘altruistic’ criminals appear to be in the minority, as the US recently reported a spate of ransomware attacks which negatively affected operations at dozens of hospitals.
All in all, it seems that ransomware is here to stay, and will remain among the most prevalent cyber threats facing organisations today, as financially-minded cyber criminals continue to leverage it for large pay-offs, and panic-stricken organisations continue to pay them against the recommendations of governments and security experts.