Parting Shots (Q3 2021 Issue)

This year, 2021, is the year of ransomware attacks. This claim won’t surprise many due to the exponential presence and sheer calamity of ransomware attacks this year. There has been a 41% increase in ransomware attacks since the beginning of 2021, and experts estimate a ransomware attack currently occurs every 11 seconds. This year has also seen the largest ransomware payout ever recorded, at $40m.

Let’s be clear: ransomware payments are not isolated and corrigible incidents. Businesses, governments, schools etc., of all sizes have had their online environments stormed by cyber-attackers. This fact partly explains why cyber-experts deem ransomware the most prominent malware threat, with scores of reports compounding the global dangers it poses.

Consider the results of the Sophos survey in its State of Ransomware 2021 report, in which 37% of 5400 IT decision-makers across 30 countries admitted that their organizations were affected by ransomware in the last year. If that wasn’t plaintive enough, consider that around 30% of ransomware victims confessed that their companies were forced to remove jobs following a ransomware attack. These attacks are also decidedly effective, with 54% of respondents claiming that cyber-criminals succeeded in encrypting their data.

If these facts do not give you the jitters, ponder the ransom fee trend since 2018. The average ransom payment in 2018 was $5000, bloating to around $200,000 in 2020. In Coveware’s Q1 2021 Ransomware Report, it found the average ransom payment in Q1 of 2021 has grown further to $220,000.

It isn’t easy to forget the ransomware attack that targeted US oil network, Colonial Pipeline, in May. Its operations were affected for several days after hackers secured access via a compromised password. Desperate to regain access to its systems, it paid $4.4m to Russian hackers DarkSide.

Another infamous example involves Brazil-based meat processing company JBS, which suffered a devastating cyber-attack courtesy of REvil, bringing its facilities located in the US, Canada and Australia to a standstill. The company begrudgingly forked out over $11m to REvil. In July, the supermarket chain Co-op shut down approximately 500 stores in Sweden due to a colossal ransomware attack that hit Florida-based IT provider Kaseya. REvil ransomware group quickly demanded $70m to decrypt the affected devices, claiming to have compromised more than one million computers. 

"The denouement of the summit saw the leaders call on the Russian government to apprehend those responsible within its borders"

More national intelligence agencies are poring over the motivations, impact and countermeasures pertaining to ransomware attacks. Worryingly, they deem ransomware the most significant online threat to businesses. The cybercrime phenomenon in which hackers encrypt data and demand payments to decrypt is becoming more professionalized. At the G7 summit in Cornwall, UK, in June, world leaders announced steps to grapple with the problem. The denouement of the summit saw the leaders call on the Russian government to apprehend those responsible within its borders. Unsurprisingly, Russian president Vladimir Putin denounced any claim of responsibility, remarking that it was “funny” and “just nonsense” to point any fingers at the Kremlin.

It isn’t just the economic unease or the longstanding political fracas that beleaguer cybersecurity experts. The challenge of remediation in the aftermath of a ransomware attack looms over the cybersecurity industry and calls for pressing action. This is especially true when ransomware recovery costs $2m on average. Even if investment in cybersecurity is booming, intractable problems seem to remain since the talent pool is sorely limited, and, according to CyberSeek, around half a million cybersecurity jobs are unfilled in the US alone. According to Cybersecurity Ventures, there will be a staggering 3.5 million unfilled cybersecurity jobs globally this year.  

The unabating question remains: what can businesses do? There are many discussions around risk management and insurance policies. These often include, but are not limited to, ‘ransomware readiness,’ ‘ransomware insights,’ ‘ransomware incident response planning’ and ‘cyber insurance.’ Fortunately, there are further options available to businesses to protect themselves — shoring up weaknesses internally and shifting the type of behaviors placing them at risk of a ransomware attack. The first concerns skills development. Businesses must invest in skills growth and development to keep up with evolving technologies. Of course, this includes cybersecurity. Upskilling and reskilling are glaring examples, as well as implementing training programs for a broad scope of employees. The second option concerns third-party support and new technologies. There is a passel of vendors and firms specializing in emerging cybersecurity technology and other support, respectively, providing businesses with cutting-edge security suites, malware and spyware protection and beyond.

However, there are no silver bullets to assuage the threats posed by ransomware attacks. Yet, many businesses will be expecting governments and national intelligence agencies to do more to trammel the menace of ransomware attacks and bring charges against those culpable, whether they be lone threat actors, cybercrime gangs or nation-states

What’s Hot on Infosecurity Magazine?