Last year, there was considerable evolution in terms of ransomware trends and techniques. In the US, and abroad, we saw many high-impact attacks being carried out against critical infrastructure entities. These highly disruptive and highly publicized attacks brought increased pressure from law enforcement, which led to arrests and takedowns of ransomware groups. Because of this, the second half of 2021 saw a shift in attacks against more mid-sized targets…those organizations not large or critical enough to draw scrutiny or investigation from law enforcement, but large enough to get a good payout.
In fact, analysis shows that companies with 1,000 employees or less are accounting for about 82% of attacks. And although the number of attacks seemed to have decreased towards the end of 2021, the average ransom payment increased dramatically in the final quarter of the year. (Data from Coveware).
An alert from CISA (Cybersecurity & Infrastructure Security Agency) details more ransomware trends, developments, and the current state of the global ransomware threat.
Top Ransomware Attack Vectors
- Exploiting RDP (remote desktop protocol)
- Email Phishing
- Exploitation of software vulnerabilities
Ransomware Attack Trends
- Triple extortion tactics: threatening to release stolen information to public; disrupting operations; and informing partners, shareholders, suppliers of attack
- Ransomware groups are sharing victim information with each other
- Utilization of cybercriminal services-for-hire
- Targeting MSPs to maximize their attack across many victims
- Attacking software supply chain and industrial processes
- Deploying attacks during holidays and weekends
- Targeting the cloud
Reducing Your Risk of Attack
- Update all systems and software and do so regularly
- Segment your networks
- Secure and monitor RDP closely
- Require multi-factor authentication
- Have a good backup and disaster recovery process in place
- Enforce strict password requirements
- Implement user cybersecurity training
- There are many more mitigations to apply to improve your security posture. Read more in our “Reduce the Risk of Ransomware & Other Cyber Attacks” blog.
Read the full alert issued by the CISA.
Though ransomware and other cyber-attacks will likely continue to be a problem in 2022, we are seeing some promising steps and developments in the fight against cybercrime. Executive orders have been issued to harden the cybersecurity posture of government agencies and law enforcement is taking more action in pursing the takedown of ransomware operations. High profile attacks are also raising cybersecurity awareness for organizations and individuals. Finally, the cyber liability insurance market is tightening their requirements for coverage (you can read more about this in our “What to Expect from Your Cyber Breach Insurance Policy” blog).