Ransomware Payouts Tripled Last Year

Ransomware

Ransomware is a form of malware that encrypts important files on a computer and the user (often a business/organisation) is given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway and paying the ransom does not guarantee that access to files will be returned to normal. 

The Palo Alto Networks, Unit 42 Ransomware Threat Report shows that the average ransom paid by a victim organisation in Europe, the US and Canada trebled from $115,123 (£83,211) in 2019 to $312,493 (£225,871) in 2020.  The report showed that, over the same period, the highest value ransom paid doubled from $5m (£3.6m) to $10m (£7.2m), and the highest extortion demand grew from $15m (£10.8m) to $30m (£22m).

Why is There an Increase in Ransomware Attacks?

Some of the main reasons for the increase in ransomware attacks and the increase in the amounts paid to attackers are thought to include:

• Attempts to exploit vulnerabilities/opportunities created by remote working.
• Businesses that don't have effective data backup procedures in place (no recoverable, workable backup).
• Costs of downtime are perceived as being greater than the cost of paying the ransom. Paying the ransom, however, very often does not lead to the release of the files.
• The growth of ransomware-as-a-service (RaaS), where criminals can buy or act as affiliates and rent subscription-based ransomware (on the Dark Web) from which they earn a percentage of each ransom payment. For criminals, this method offers a low technical barrier to entry and a high affiliate earning potential.
• An increase in a more focused and thorough kind of ransomware attack where victims are researched and their networks are compromised in advance.

Critical Targets of Ransomware Attacks

Some of the main targets of ransomware attacks noted by the report last year include healthcare organisations, leading pharmaceutical companies, and COVID-19 vaccine research and development organisations. For example, last October, Philadelphia company eResearchTechnology (which makes software used to try and develop COVID-19 vaccines and treatments) was hit by a ransomware attack.  Employees were locked out of systems and the attack had a knock-on effect that was felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19.

Double Extortion

As if these types of targeted attacks haven’t been dangerous enough, the report highlights how so-called ‘double extortion’ attacks have been on the rise.  This is where, in addition to demanding a ransom to release data files, the criminal also threatens to leak some of the files/data unless the ransom is paid.

What Does This Mean For Your Business?

Ransomware attacks tend to arrive in phishing emails, so it is important that staff are aware of the dangers of clicking on suspicious links. Also, staff should be wary of Microsoft Office email attachments that advise the enabling of macros to view the content, as this can be a sign of a ransomware email.

This story also highlights the importance of making sure that data is regularly and securely backed up to a cloud-based service and that disaster recovery and business continuity plans have procedures for ransomware attacks built-in to them. Cyber insurance is highly advisable. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked/returned. 

Other precautions that businesses can take to guard against these kinds of attacks include keeping antivirus software and Operating Systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, and using detection and recovery software e.g., Microsoft 365 protection and Windows Security. Also, storing files on cloud services e.g. OneDrive/Google Drive, IDrive, or whatever work-based cloud file storage systems employees are required to use.

For local Northampton IT support or advice, please call Paradise Computing on 01604 655900 or message us using our online contact form.