Ransomware has reached epidemic proportions globally and is becoming the “go-to method of attack” for cybercriminals. IBM’s 2021 Data Breach Report reveals that ransomware-related data breaches have doubled in each of the past two years. At the current growth rate, ransomware attacks will surpass phishing as the number one root cause of data compromises in 2022. The proof of ransomware’s rise is in the numbers.
- A 2017 report from Cybersecurity Ventures predicted ransomware damages would cost the world $5B in 2017, up from $325M in 2015 — a 15X increase in just two years.
- The damages for 2018 were estimated at $8B, and for 2019 the figure rose to $11.5B.
- The latest forecast showed global ransomware damage costs reaching $20B by 2021, which is 57X more than it was in 2015.
- In 2021, there was a ransomware attack on businesses every 11 seconds, up from every 40 seconds in 2016.
- Ransomware costs are expected to reach a collective total of $265B by 2031.
This two-part blog series will first investigate the cause and effect of ransomware, 2021 attack trends and some of the highest profile ransomware attacks of 2021. The second part of our series will examine the key takeaways from ransomware attacks and how companies globally can protect their PHI, PII and payment data using a mix of encryption and tokenization – so that if a ransomware attack does occur, no clear-text data can be leveraged for a payout.
Ransomware – Cause and Effect
Not too long ago, ransomware was an unfamiliar term to most Americans. The first documented case came in 1989, when a Harvard biologist mailed 20,000 floppy disks to event attendees, with a message appearing on the user's screen demanding they mail $189 to a P.O. Box in Panama in exchange for access to their files. IT specialists quickly discovered a decryption key that enabled victims to regain access without paying the ransom, so the first actual reported ransomware case was a bust. Since then, ransomware has evolved and is now the fastest-growing and one of the most damaging types of cybercrime.
“Over the last decade or so, ransomware has come of age. What started out as a relatively simple virus on a floppy disk now has the potential to cripple global healthcare systems, interfere with fuel supply chains or disrupt transport infrastructure. Its appeal to bad actors lies in its simplicity. Ransomware attacks do not need to be particularly sophisticated to cause a lot of damage – and potentially result in lucrative ransom payments for criminals. For that reason, the number of these attacks continues to increase at a rapid pace.”
In its most basic form, ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.
There are a number of vectors that ransomware can use to access a computer. One of the most common delivery systems is phishing — attachments that come to the victim in an email, masquerading as a file they should trust. Once the files are downloaded and opened, they can take over the victim’s computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.
There are several things the malware might do once it has taken over the victim’s computer, but by far the most common action is to encrypt some or all of the user’s files. If companies do not have adequate backups of their files, they must pay the ransom to restore the files. Alternatively, if the company has not protected the payment and other sensitive data in the files the hackers obtain, the hackers can use this clear-text data as leverage to get the company to pay the ransom.
2021 Ransomware Attack Trends
Fraudsters continued to evolve and change their tactics with each attack in 2021.
Ransomware as a service: Cybercriminals don’t even need to code their own attacks anymore. Crime syndicates have built a new business model offering out-of-the-box ransomware attacks for sale on the Dark Web. Some of the criminals even offer customer service to help clients with their exploits.
Contactless delivery: Many ransomware attacks are performed with malware that does its work by exploiting a vulnerability or a back door in the code of commonly used apps.
Double Extortion: Ransomware groups have increasingly used the tactic called double extortion, where they not only steal a company’s data and demand a ransom, but also threaten to publish it to increase the pressure to pay.
Supply chain attacks: Hackers have learned that it is often easier to attack a less protected supplier than a company’s well-guarded system. Cybercriminals have increased supply chain attacks, where access is gained through a vendor’s compromised credentials or infected systems.
2021’s Biggest Ransomware Breaches
Victims of the 10 biggest cyber and ransomware attacks of 2021 were hit with ransom demands totaling nearly $320M, spanning verticals from financial services, healthcare, and automobile manufacturing to food production, oil and gas, and chemical.
Kia Motors America. Kia suffered a ransomware attack that demanded $20M for a decryptor to stop a leak of the stolen data. Prior to the public ransom demand, Kia had experienced a nationwide IT outage that affected their phone services, payment services and internal sites used by dealerships.
JBS. Internationally owned meatpacking conglomerate JBS briefly shuttered plants and stopped deliveries of its products – one-fifth of the nation’s meat supply – to grocers in June 2021. Technology staff members noticed irregularities with the functioning of some servers and shut down their systems to slow the attack’s advance. Operations resumed after the company paid $11M in ransom to stop further disruption and to limit the potential impact on restaurants, grocery stores and farmers.
CNA. Chicago-based insurance giant CNA experienced an attack that shut down its IT systems, affecting more than 75,000 employees, contractors and policyholders. The hack revealed names, personal identification details and social security numbers, and disrupted CNA’s corporate email and website, reducing it to a static display. CNA paid a $40M ransom to regain control of its systems, telling the Securities and Exchange Commission that its own insurance policies may not cover all potential damages.
Colonial Pipeline. Perhaps the most high-profile ransomware attack of 2021 was the breach of Colonial Pipeline, which shut down the 5,500-mile gas pipeline for five days, leaving over 10,000 gas stations across the Southeastern U.S. out of fuel. Colonial Pipeline paid the DarkSide ransomware group $4.4M to restore its operations, but the FBI later recovered $2.3M of the ransom paid to the cybercriminal gang.
Quanta. Hacker group REvil stole product blueprints from Apple supplier Quanta Computer, then posted an extortion letter to Apple – as well as some sample technical files including diagrams of MacBook components – on its dark web leak site. The group demanded that Apple pay $50M to prevent its stolen data from being leaked and warned that it would double the ransom demand if it wasn’t paid quickly.
Stay tuned for the next installment of our blog or download the full security brief today.