Latest trends in ransomware
There has been a sharp increase in the number of ransomware attacks in 2021, reaching as much as 151%, according to a SonicWall report. Criminals have modified the pattern of attacks, using infected attachments or links sent by email as well as carrying out phishing attacks. The percentage of attacks using vulnerabilities in web applications has also increased. Although the US saw the highest number of ransomware attacks last year, Europe saw the largest increase of 234% in encryption incidents over 12 months.
Ransomware attacks most often begin by sending an infected attachment or link in an email. Once the malware is downloaded, email, data, and many important files are blocked and remain inaccessible until a ransom is paid. PDF files, Office files, and .exe software are among the most common formats in which encryption software can be embedded. According to a SonicWall report, the number of malicious Office files increased significantly during the Covid-19 pandemic, with a 150% prevalence over PDF files by the end of 2020. However, as some employees return to the office, the number of infected Office files and PDFs is falling – by 54% and 13% respectively. Instead, .exe software is becoming increasingly popular, rising to 26% in 2021.
According to the Barracuda website, ransomware gangs are responsible for a large proportion of cybercrime attacks, and between August 2020 and July 2021, the REvil group was responsible for the most attacks – a whopping 19%. In second place was DarkSide, which contributed to 8% of attacks.
The SonicWall report indicates that the second quarter of 2021 saw a record number of ransomware attacks – around 180 million, more than tripling year-on-year. The upward trend could continue, and the second half of the year could bring new records for the number of attacks. According to a study by the Barracuda portal, between August 2020 and July 2021, the number of ransomware attacks increased by 64% year on year.
The analysis shows that as many as 57% of all attacks targeted corporations, including those dealing with infrastructure (11% of attacks), travel, or financial services – a sharp increase from 18% in the 2020 survey. Furthermore, ransomware attacks are increasingly targeting supply chain software, thus increasing the number of companies that can fall victim to cybercriminals. Examples of such attacks in 2021 include SolarWinds or Codecov, when an attack by the REvil group affected more than 1,000 companies, mostly in the United States. In addition, administrative authorities, such as municipalities, which have outdated tools and limited IT staff, are extremely vulnerable to ransomware attacks.
Polish companies and public institutions are also vulnerable
Most ransomware attacks occur in the United States, with US organisations accounting for 44% of victims of cybercriminals. Attacks in Europe, the Middle East, and Africa account for 30% of all incidents, and those in Asia account for 11%. Europe saw the largest increase of 234% in encryption incidents over 12 months, while North America saw an increase of 180%. According to the SonicWall report, Poland, with a result of 32.28%, is in third place in the ranking evaluating internet users’ chances of becoming a victim of a ransomware attack. Only Vietnam and Sri Lanka have worse results.
Check Point Software’s Semi-Annual Security Report 2021 reveals that in the first half of 2021, the average Polish organisation was attacked more than 500 times per week. The report shows that the education and research sector is most affected by cybercrime, targeted by as many as 2,800 attacks per week.
A change in tactics
Criminals are not just sending infected files or links; they are also stealing credentials through phishing attacks, which involve impersonating others, such as delivery companies or government offices. An increasing number of ransomware attacks are based on the exploitation of application vulnerabilities that allow control of the application infrastructure to be taken over. This form of attack is facilitated by the growing number of web-based applications that enable remote working. In terms of security, there is no difference between a web portal for the IT infrastructure segment and a complex SaaS application – both portal and application can be equally dangerous.
Criminals have also changed the way they operate, using a so-called double ransomware extortion scheme. They base ransom demands on analysis they perform before the attack. After stealing sensitive data, they demand payment by threatening to publish or sell it. Criminals who have received a ransom payment contact victims again, often months later, to extort another transfer of funds in exchange for a promise to keep the stolen data secret. According to Check Point Software, some criminals also resort to so-called third-party extortion, which involves attacking customers or business partners of a cyberattack victim.
In addition to attack tactics, ransom payment trends are also changing. Ransom amounts are increasing rapidly and remain at $10 million, although as many as 30% of attacks involved ransom demands over $30 million. The high amounts also have to do with the wider adoption of cryptocurrencies, but the introduction of bitcoin transaction tracking has forced cybercriminals to resort to other cryptocurrencies such as Monero.
Protecting yourself from attacks
There are many ways to protect your devices from ransomware attacks. According to Check Point Software, you should install updates and security patches regularly or allow them to be installed automatically. It’s also worth installing anti-virus and anti-ransomware software. But above all, beware of emails containing attachments or links, as sending infected files is still one of the easiest and most popular methods used by cybercriminals.
For more expert insights into cyber security in Poland, see PMR’s report “Cybersecurity Market in Poland 2020. Market analysis and growth forecasts for 2020-2025”. The figures are supplemented by extensive expert comments, supplier profiles, trend analysis and comparisons of the Polish market with global trends.