Last year, there was considerable evolution in terms of ransomware trends and techniques. In the US, and abroad, we saw many high-impact attacks being carried out against critical infrastructure entities. These highly disruptive and highly publicized attacks brought increased pressure from law enforcement, which led to arrests and takedowns of ransomware groups. Because of this, the second half of 2021 saw a shift in attacks against more mid-sized targets…those organizations not large or critical enough to draw scrutiny or investigation from law enforcement, but large enough to get a good payout.
In fact, analysis shows that companies with 1,000 employees or less are accounting for about 82% of attacks. And although the number of attacks seemed to have decreased towards the end of 2021, the average ransom payment increased dramatically in the final quarter of the year. (Data from Coveware).
An alert from CISA (Cybersecurity & Infrastructure Security Agency) details more ransomware trends, developments, and the current state of the global ransomware threat.
Top Ransomware Attack Vectors
- Exploiting RDP (remote desktop protocol)
- Email Phishing
- Exploitation of software vulnerabilities
Ransomware Attack Trends
- Triple extortion tactics: threatening to release stolen information to public; disrupting operations; and informing partners, shareholders, suppliers of attack
- Ransomware groups are sharing victim information with each other
- Utilization of cybercriminal services-for-hire
- Targeting MSPs to maximize their attack across many victims
- Attacking software supply chain and industrial processes
- Deploying attacks during holidays and weekends
- Targeting the cloud
Reducing Your Risk of Attack
- Update all systems and software and do so regularly
- Segment your networks
- Secure and monitor RDP closely
- Require multi-factor authentication
- Have a good backup and disaster recovery process in place
- Enforce strict password requirements
- Implement user cybersecurity training
- There are many more mitigations to apply to improve your security posture. Read more in our “Reduce the Risk of Ransomware & Other Cyber Attacks” blog.
Read the full alert issued by the CISA.
Though ransomware and other cyber-attacks will likely continue to be a problem in 2022, we are seeing some promising steps and developments in the fight against cybercrime. Executive orders have been issued to harden the cybersecurity posture of government agencies and law enforcement is taking more action in pursing the takedown of ransomware operations. High profile attacks are also raising cybersecurity awareness for organizations and individuals. Finally, the cyber liability insurance market is tightening their requirements for coverage (you can read more about this in our “What to Expect from Your Cyber Breach Insurance Policy” blog).
If you have been hit with a ransomware attack, you can reach out to Alvaka Networks at any time. We are available 24×7, 365 days a year with live support. Call us at (949) 428-5001.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.