For scale, let’s look at a list of the 10 biggest ransomware attacks of 2021 – so far.
WannaCry and NotPeyta ransomware typically used a public-key RSA encryption to encrypt victims files. Today, encryption-based ransomware is slipping in popularity, in favour of a joint ransomware and data breach attack style, known as double-extortion. While companies once simply paid a ransom (or didn’t pay) for a decryption key, and usually got their files back, double extortion is much more damaging. While encrypting the system, the ransomware is also stealing valuable data, which is sometimes held for ransom, or sold on the dark web – or both.
The first instance of triple extortion on the books was in 2020, involving The Finnish Vastaamo clinic losing data related to 400 employees and 40,000 patients to cyber attackers. “The extortionist, who went by the name “RANSOM_MAN,” claimed they would publish the data of 100 people each day onto their own Tor file server until they received the bitcoin from Vastaamo. As the company resisted, “RANSOM_MAN” published the personal data of 300 people, including various public figures and police officers,” Wired wrote in an article detailing the attack. Then, as a kicker, the ransomware operator went on to extort small amounts of money from many of the clinic patients!
REvil, seen in the news daily in 2021, started adding a distributed-denial-of-service (DDoS) element to their ransomware attacks, then combined the attack with phone calls to employees, customers and even journalists. With industry-leaders like REvil using this tactic regularly, we can expect to see this element employed by many other ransomware operators in the upcoming months.
Most of these successful attacks were launched using stolen credentials or through a phishing email with a malicious link. It’s important to educate your employees on the finer points of cyber security immediately. Share these tips with your employees, both remote and in-house, and follow them yourself, to promote a safer, ransomware-free work environment.
We can see in the list of attacks above, that while some companies lost it all and paid massive ransoms, some decided not to pay. Why were these companies able to say “no?” They were prepared, with incident response services and appropriately configured backups and storage. With ransomware insurance a hotly debated topic, we can’t rely on insurance to back you up without the right security systems, if at all.
One great way to protect your business from ransomware attack, is to deploy an incident response service to analyse the security of your network, seek out vulnerabilities that could be exploited, and then step in to help with any attack and recovery process. Working with a company like Sangfor Technologies for your incident response service takes the pressure off your IT department, and onto technology where it belongs. Sangfor incident response teams help in the pre, mid and post attack phases, to not only prepare you for attack, but to stop the attacks from happening – or fortify your network against the same type of attack in the future.
Ransomware is not a passing trend, and triple extortion is just the newest of many upcoming surprises. With all the development it’s undergone in just one year, we can certainly expect to see it growing at leaps and bounds in the near future. No one is safe from ransomware, so prepare today!