Request your free custom report and see how you can start reducing your cyber risk exposure across your digital ecosystem: cloud assets across all geos & subsidiaries; discover shadow IT; security risk findings; and more!
What Can Ransomware Do? The Devastating Impacts and How You Can Protect Your Organization
Tags:
Ransomware is rapidly becoming the most common form of cyberattack. According to the Verizon 2021 Data Breach Investigations Report, ransomware incidents have doubled year-over-year with headline-grabbing consequences.
As if reflecting this trend, cyber insurance ransomware claims have also risen. Data collected by the University of Cambridge found that, in 2020, ransomware comprised 54% of insurance claims compared to just 13% between 2014 and 2019.
Why is ransomware so widespread?
The answer comes down to time and money. Ransomware attacks are significantly cheaper to implement compared to other attack vectors – and the returns are higher.
For instance, the rise of ransomware-as-a-service (RaaS), whereby malicious ransomware developers sell their malware as a license, has made it easy for would-be hackers to execute attacks without much technical knowledge and with smaller teams.
The growing popularity of cryptocurrency also enables ransomware. Cybercriminals are increasingly demanding ransom payments in bitcoin – transactions that are anonymous and almost impossible to track.
The rewards speak for themselves. The Verizon DBIR found that the median ransom paid in 2020 was $11,150 but ran as high as $1.2 million. With such a great potential to earn money, so-called “ransomware gangs” have become more organized. Many of their members have different roles and specialize in specific ransomware attack methods, which helps these groups maximize their potential gains.
What can ransomware do?
Financial loss is only one impact of ransomware. Obscuration, which occurs when the ransomware installation encrypts the victim’s data, can result in significant business disruption for days, weeks, or months. Aside from the immediate losses, businesses also incur the cost of incident response, digital forensics, regulatory fines, and legal and PR counsel resulting from long-term damage to a company’s reputation. In the healthcare sector, ransomware can even have deadly consequences.
What are some ransomware examples and popular targets?
It can be hard to keep up with the ransomware threat landscape. The following examples show the pervasive and potentially catastrophic risk that organizations in almost every industry must address.
Energy and utilities sector
One of the most costly and disruptive incidents of recent times is the Colonial Pipeline ransomware attack. Believed to be the largest-ever attack on an American energy system, hackers disrupted fuel supply across the East Coast for days until a $4.4 million ransom was paid (although the Department of Justice later seized the funds).
The attack was attributed to DarkSide, a relatively new RaaS group first discovered in August 2020. According to CISA, DarkSide explicitly targets large, high-revenue organizations, stating that their goal “is to make money [not create] problems for society.” The group’s ransom requests range from $200,000 to $2,000,000 – although history has shown that they are open to negotiation! In addition to the pipeline attack, DarkSide recently announced three more victims, including a Scottish construction company, a renewable energy product reseller in Brazil, and a technology services reseller in the U.S. The hackers stole client, employee, and financial data.
Colonial Pipeline wasn’t the first headline-grabbing attack on the energy and utilities sector. Four years earlier, Ukraine famously “went dark” when NotPetya took down the country’s entire energy grid. Bitsight research suggests that similar attacks in the U.S. are likely: After reviewing the cybersecurity performance data of more than 2,000 U.S.-based oil and energy companies, we found that 62% are at heightened risk of a ransomware attack.
Healthcare sector
Another vulnerable and lucrative target for hackers is healthcare. Since 2009, there have been over 3,000 healthcare data breaches in the U.S. medical industry. Notable incidents in recent years include NotPetya attacks against drugmaker Merck and Heritage Valley Health Systems (both in 2017), the latter resulting in postponed surgeries. In September 2020, major healthcare provider Universal Health Services experienced a ransomware attack resulting in widespread computer systems failures. And, in May 2021, Ireland’s health service suffered a ransomware attack forcing a shutdown within its IT infrastructure.
Public sector and education
Hackers also have the public sector and education institutions in their sights. In 2020, 33% of cyberattacks on government agencies were ransomware, disrupting missions and public services and creating a national security risk. Schools are also fast becoming a leading target.
Supply chains
Supply chains are an emerging trend as a vehicle for ransomware. In July 2021, the REvil ransomware group attacked Kaseya, a Florida-based software provider of a widely used remote management monitoring solution. The attack impacted Kaseya, its customers, and companies who outsource IT management to Kaseya. Hackers requested $70 million in payment.
These sectors are not alone. Manufacturing companies, financial services, retailers, and others are also vulnerable to the mounting ransomware threat.
What can you do to protect against ransomware?
No organization is immune from ransomware, but there are best practices you can follow to minimize the risk to your organization. While there are tools to help combat ransomware, it’s also critical to maintain a relentless focus on security hygiene. This means regularly applying software patches and proper configuration management protocols since both contribute to a heightened risk of ransomware. It also requires maintaining a continuous view of your vendors’ security postures to reduce the risk of supply chain ransomware attacks.
In fact, Bitsight’s research team analyzed hundreds of ransomware events to estimate the relative probability that an organization will experience a ransomware event. Overall, the data shows that organizations with a Bitsight Security Rating lower than 600 are 6x more likely to be a victim than organizations with advanced ratings. Furthermore, organizations with a less mature patching program increase their ransomware risk sevenfold.
Read more about the research, the factors that can increase your organization’s ransomware risk, and best practices to protect your organization. You can also see how your organization stacks up by requesting your Free Security Rating and Customized Report.