Five years on then, what have we learned from the attack and what long-term effect has it had on the industry?
In recent years, organizations all over the world have been hit by increasingly sophisticated ransomware attacks. For some, the impact is so severe that normal business operations experience major disruption with a knock-on effect on customers and revenue. For others, the impact can last weeks or even months as they seek to restore IT services and access to vital data.
Since the start of last year, for example, organizations across a huge range of sectors -- from oil and gas to food -- have seen their services impacted by ransomware. KP Snacks suffered an incident that brought its supply chain to a halt, with the company unable to process orders and dispatch products. And most recently of all, The Works, a retailer with over 500 stores across the UK, was forced to close some outlets after an employee reportedly fell victim to a phishing email that introduced ransomware to their infrastructure.
Ransomware is becoming a risk that UK organizations cannot afford to take, with rising financial and operational costs. A staggering 75 percent of UK organizations were targeted by ransomware in 2021, and where these attacks were successful, most (82 percent) paid the ransom. This makes the UK the most likely country in the world to make ransom payments. As cybercriminal strategies evolve to bypass traditional network-based defenses, a multi-layered ransomware defense strategy is vital for organizations to protect their mission-critical data.
First, it’s important for us to understand the typical defense strategies that attackers have adapted to, in order to appreciate the rationale for the boost in cyber protection. And, we need to understand the rising costs of these incidents, to prove the business value of initiatives that are aimed at prioritizing prevention and detection of cyber-attacks before they occur. It’s not just a quick fix -- failure to implement these solutions can affect your profitability, reputation and even put your company out of business.
The FBI has warned food and agriculture companies to be prepared for ransomware operatives to attack agricultural entities during planting and harvest seasons.
The FBI warning notes previous ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.
While the Russian security firm has fallen out of favor in recent months, Kaspersky has announced that it has managed to crack the Yanluowang ransomware.
Yanluowang was discovered by Symantec last year, and now Kaspersky has identified a vulnerability in the encryption algorithm it uses. This has enabled the company to develop a free decryption tool which can be used by ransomware victims to get their data back without having to pay a cent.
The ransomware threat is very real with attacks growing in size and frequency, in part, because of the acceleration of digital transformation initiatives and the move to embrace digital services as well as the rapid implementation of hybrid ways of working.
As new digital systems required multiple access points for customers, partners, and employees, this has created a vastly expanded attack surface. This has hastened the rise in ransomware attacks, as attackers quickly took advantage of the increased number of possible attack vectors.
Of more than 600 respondents to the survey, 79 percent have experienced a ransomware attack within the last year, with 17 percent experiencing attacks weekly and 13 percent daily.
The threat landscape continues to see rapid evolution, especially as the digital world grows increasingly connected and more organizations outsource business services. Adversaries are getting smarter, and their techniques are getting more advanced by the day. This has put a spotlight on the security of our global supply chain and how unstable and unprotected it is.
In fact, software supply chain attacks have tripled in 2021. The potential ripple effects of risks and disruptions within an organization’s supply chain that could ultimately impact their business are immense. Research shows that a data breach affecting multiple parties causes 26X the financial damage of the worst single-party breach.
When it comes to ransomware, sometimes the cost of downtime can exceed the cost of paying up. Companies with frozen data and systems face loss of revenue, productivity, customer departures, damaged reputations, never mind the cost of the ransom itself. Take an organization like Colonial Pipeline, which should have had healthy backups in place to quickly recover from their attack and most likely did. However, they opted to shell out $4.4 million in ransom because they didn’t know how long it would take to get up and running again.
And according to ITIC's 2021 Hourly Cost of Downtime survey, one hour of a server being inoperable costs $300,000 or more for 91 percent percent of mid-sized and large enterprises.
A new Risk Insights Index released today by Corvus Insurance reveals that the rate of ransomware claims reached in the final quarter of last year was just half of the peak seen in Q1.
At the same time the average ransom paid was around $167k, 44.2 percent less than the Q3 figure. Fewer ransoms are being paid compared to those demanded too. The percentage for the last quarter of 2021 held steady in the low twenties, down significantly from figures that once were over 50 percent. As recently as Q3 2020, the ratio was 44 percent.
A new survey of more than 1,200 security leaders reveals they've seen an increase in cyberattacks while their teams are facing widening talent gaps.
According to the latest State of Security report from Splunk 65 percent of respondents say they have seen an increase in attempted cyberattacks. In addition, many have been directly impacted by data breaches and costly ransomware attacks, which have left security teams exhausted.
Early ransomware campaigns relied on sending out large volumes of emails in so called 'spray-and-pray' attacks.
But a new report released today by Cybereason highlights the rise of sophisticated RansomOps attacks that are allowing ransomware syndicates to reap the benefits of record profits.
A record 71 percent of organizations were impacted by successful ransomware attacks last year, according to the 2022 Cyberthreat Defense Report (CDR) from CyberEdge Group, up from 55 percent in 2017.
Of those that fell victim, almost two-thirds (63 percent) paid the requested ransom, up from 39 percent in 2017.
Ransomware made news headlines worldwide earlier this month after a successful attack against one of Toyota Motor Corp.’s parts suppliers forced the automaker to shut down 14 factories in Japan for a day, halting their combined output of around 13,000 vehicles.
That attack was the latest example of the threat ransomware poses to all industries. The most recent edition of SonicWall’s annual threat report states that the volume of ransomware attacks in 2021 has risen 231.7 percent since 2019. And an advisory jointly issued by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA reveals the latest trend is ransomware as a service -- gangs of bad actors essentially "franchising" their ransomware tools and techniques to less organized or less skilled hackers.
New research from Splunk's SURGe team looks at how quickly ten major ransomware strains, including Lockbit, Revil and Blackmatter, can encrypt 100,000 files.
The research shows that the median ransomware variant can encrypt nearly 100,000 files totaling 53.93GB in 42 minutes and 52 seconds. Encryption speeds vary between ransomware variants though with individual ransomware samples ranging from four minutes to three and a half hours to encrypt the same data.