The Ransomware Threat Report 2021 from Unit 42 shows that the average amount paid by ransomware victims tripled from 2019 to 2020.
Ransomware is a form of malware that encrypts important files on a computer and the user (often a business/organisation) is given a ransom demand, the payment of which should mean that the encrypted files can be released. In reality, some types of ransomware delete many important files anyway and paying the ransom does not guarantee that access to files will be returned to normal.
The Palo Alto Networks, Unit 42 Ransomware Threat Report shows that the average ransom paid by a victim organisation in Europe, the US and Canada trebled from $115,123 (£83,211) in 2019 to $312,493 (£225,871) in 2020. The report showed that, over the same period, the highest value ransom paid doubled from $5m (£3.6m) to $10m (£7.2m), and the highest extortion demand grew from $15m (£10.8m) to $30m (£22m).
Some of the main reasons for the increase in ransomware attacks and the increase in the amounts paid to attackers are thought to include:
Some of the main targets of ransomware attacks noted by the report last year include healthcare organisations, leading pharmaceutical companies, and COVID-19 vaccine research and development organisations. For example, last October, Philadelphia company eResearchTechnology (which makes software used to try and develop COVID-19 vaccines and treatments) was hit by a ransomware attack. Employees were locked out of systems and the attack had a knock-on effect that was felt by IQVIA, the research organisation helping with AstraZeneca’s Covid vaccine trial, and Bristol Myers Squibb, a drug-maker involved in the development of a quick test for COVID-19.
As if these types of targeted attacks haven’t been dangerous enough, the report highlights how so-called ‘double extortion’ attacks have been on the rise. This is where, in addition to demanding a ransom to release data files, the criminal also threatens to leak some of the files/data unless the ransom is paid.
Ransomware attacks tend to arrive in phishing emails, so it is important that staff are aware of the dangers of clicking on suspicious links. Also, staff should be wary of Microsoft Office email attachments that advise the enabling of macros to view the content, as this can be a sign of a ransomware email.
This story also highlights the importance of making sure that data is regularly and securely backed up to a cloud-based service and that disaster recovery and business continuity plans have procedures for ransomware attacks built-in to them. Cyber insurance is highly advisable. Businesses should also note that paying the ransom is a high-risk option and certainly offers no guarantee that any files will be unlocked/returned.
Other precautions that businesses can take to guard against these kinds of attacks include keeping antivirus software and Operating Systems up to date and patched (and re-starting the computer at least once per week), using a modern and secure browser, and using detection and recovery software e.g., Microsoft 365 protection and Windows Security. Also, storing files on cloud services e.g. OneDrive/Google Drive, IDrive, or whatever work-based cloud file storage systems employees are required to use.
Let's meet Paradise Computing's Project Manager, Gareth Whyley. Gareth has a background in IT consultancy and is a specialist in compliance and project management. He is passionate about helping our clients achieve their goals.
Today, we’re shining the spotlight on Rachmann Joubert, a Sage Support Specialist who has brought his wealth of software development experience to the role to help build solutions for our clients.
Today we're getting to know one of Paradise Computing's IT Support Engineers - Ashley Curtis. Ashley plays a vital role in supporting the IT infrastructure of our clients and supports them with his expert IT knowledge.