Ransomware
Emerging Trends & What We Have Learned
One that often catastrophically impacts an organisation. So, it should come as no surprise that 2021 brought us some of the largest ransomware attacks to date. With large national and global brands (who command large security budgets and resources) making the headlines, the upward trend of cybercrime across the globe.
Whilst the large-scale attacks against big brands make the news, small to medium enterprises are just as vulnerable to these increasingly sophisticated attacks.
Looking back at 2021, there is a lot we can learn from the emerging trends, large-scale attacks and the aftermath of a ransomware infection. This information is crucial to organisations looking to understand the associated risks of a ransomware outbreak, empowering them to ensure the necessary mitigations are in place.
In the fast-moving world of cyber security, there are always trends to watch for. To sift through the noise, we have highlighted some of the key takeaways below.
Working From Home
With the continuation of working from home in 2021 (and signs that it might not go away), many IT departments are now protecting an extended attack surface. Exposure of corporate devices to home networking environments, increasing spam volumes (a common delivery mechanism for ransomware), and not being around colleagues who can help all play a part in raising the risk of exposure.
Ransomware-as-a-Service (RaaS) Increasing
Ransomware “gangs” are functioning very much like real companies, supplying sophisticated ransomware kits to bad actors on a subscription model. These kits come with all the benefits of a SaaS product: constant updates and changes (making the exploits more technical and varied), low, consistent costs ensuring large ROI, and even support! This lowers the bar considerably for malicious individuals/groups looking to extort internet citizens.
Large Scale Attacks 2021
Whilst there are thousands of attacks per day around the globe, we have highlighted some of the largest headline-grabbing breaches of 2021:
| Company | Industry | Date | Vulnerability | Ransom | Impact |
| --- | --- | --- | --- | --- | --- |
| Brenntag | Chemical distributor | April 2021 | Compromised credential purchased on dark web | $4.4 million in Bitcoin – Paid | Operational difficulties, threat of confidential information leakage |
| Colonial Pipeline | Petrochemical & Oils | May 2021 | Compromised credentials from dark web | $4.4 million Bitcoin – Paid but half recovered | Surge in fuel pricing within US (highest within 7 years) |
| JBS | Food supplier | May 2021 | Not disclosed | $11 million Bitcoin – Paid | Operations affected in Australia, Canada and US |
| Health Services Executive (Irish Health Service) | Healthcare | May 2021 | Phishing email containing malicious Excel file opened by user | $20 million – Did not pay | Cancellations of medical appointments, no access to patient records, delays in COVID testing, for a number of weeks |
| Kaseya | IT Software | July 2021 | Vulnerability in product | $70 million – Did not pay | Approximately 1,500 organisations using Kaseya products affected globally |
Ransomware is here to stay and we can expect an increasing number of organisations to be affected in 2022. With the rise of RaaS and the anonymous nature of cryptocurrencies, it can be a lucrative business for cyber criminals. Large pay-outs, low technical requirements and anonymity will only exacerbate this in 2022. A recent quote from the director of GCHQ (the UK's intelligence, security and cyber agency) suggests that attacks on organisations in the UK have doubled.
“I think that the reason [ransomware] is proliferating – we’ve seen twice as many attacks this year as last year in the UK – is because it works. It just pays. Criminals are making very good money from it and are often feeling that that’s largely uncontested,”
In 2022, making sure key stakeholders understand the risks and impacts of such an attack is vital. Sufficient resource needs to be allocated to protect an organisation's interests through 2022 and beyond.