Ransomware attacks have become a significant threat to businesses worldwide. As organisations adopt remote working models to accommodate WFH, they expose networks to ransomware, creating devastating losses that undermine their reputations.
In fact, the past year has seen ransomware attacks take down massive corporations with sophisticated networks. We will explore some ransomware examples and explain what to do to prevent such attacks in the future.
Disturbing facts about ransomware
– In 2021, there were 500 million ransomware attacks, with over 1748 attempted attacks per organisation.
– The cost of a ransomware data breach has increased from $3.86 million (£2.89 million) to $4.24 million (£3.18 million)in 2021, a ten per cent increase in a year.
– Customer Personally Identifiable Information (PII) costs over $161 (£120) per stolen record
– Organisations with a 50% remote workforce took over 316 days to detect and contain the breach, compared to 287 days for organisations with office workers.
– Cybercriminals created over 300,000 new malware pieces to target individuals and businesses.
– The number of global ransomware attacks increased by over 48% in the UK.
How did ransomware attacks become widespread?
While social engineering attacks have been on the rise, ransomware attacks have gained notoriety due to their frequent occurrence. This is because cybercriminals do not need a lot of resources to execute the attack. All that is needed is a small payload with little command and control communication to infect and control targets.
According to security experts, anyone can buy and deploy different strains of ransomware designed for different platforms.
For example, the “ransomware-as-a-service” market allows cybercriminals to buy ransomware kits for less than $100 and there are ransomware affiliates that help ransomware operators expand their capabilities.
Furthermore, when networks are breached, brokers advertise access to the compromised network, giving more cybercriminals access to the network.
Top ransomware examples and the lessons we can learn from them
Kasey ransomware attack
The Kaseya ransomware attacks were arguably some of the most significant ransomware attacks of the year; the cybercriminals responsible for the attack demanded over $70 million.
It was the definition of a supply chain attack for the VSA remote software (used by 50 customers as a managed service provider), and as many as 1500 of their customers fell victim to the ransomware.
Kaseya responded by alerting all customers and advised shutting down administrative access to VSA before taking servers and data centres offline.
Key lessons from the ransomware attack
The ransomware attack on Kaseya highlights the importance of remote monitoring and management (RMM) software, where access should be restricted and even offline for additional security.
Companies should also place a bigger focus on supply chain security and regularly review supplier security standards to prevent another accident.
There should also be appropriate user privileges to ensure that access to sensitive data is only available to a handful of users.
Finally, it is important to analyse, update, and patch the supply chain to mitigate known vulnerabilities in software.
Colonial Pipeline cyber attack
On 7th May 2021, a group called DarkSide gained access to Colonial Pipeline’s network infrastructure through a compromised virtual private network (VPN) account password.
As a result, the group was able to access and wall off valuable data and demand a ransom amounting to over $5 million.
Colonial Pipeline was forced to pay $4.4 million although $2.3 million was later recovered.
The attack demonstrated how even the network infrastructure of the largest oil supply pipeline in the US is not immune to ransomware threats, making ransomware a major threat and how it should be at the core of every business strategy.
Key lessons to take away from the attack
The attack demonstrated the importance of security mechanisms that strictly regulate access to critical systems. For example, multi-factor authentication requires access that is only granted when authorised users have given their approval.
Multifactor authentication is an effective mechanism for mitigating ransomware attacks. Moreover, CIOs should implement network segregation policies and adopt zero-trust network architecture, which makes user access more exclusive, reducing the potential for an attacker.
The ransomware attack on CNA Financial
In March 2021, CNA Financial suffered a ransomware attack that forced them to pay a significant amount of money.
While the company never confirmed the amount paid, sources cite that over $40 million was paid, making it the largest payment made to a ransomware attack.
The ransomware uploaded was called PhoenixLocker, and according to CNA, it was uploaded by a threat actor.
While the initial point of attack has yet to be confirmed, sources say that the ransomware entered the system through a malicious browser update delivered through a valid website and accessed data by exploiting known vulnerabilities.
Key lessons to learn from the attack
The main takeaway from this attack is the ease with which cybercriminals accessed vital data that rendered the high ransom paid.
Of particular concern to CIOs should be how easy it was for cybercriminals to access data that was so important it forced them to pay a significant ransom.
Moving forward, CIOs would need to be more stringent in allowing users when downloading updates from the browser.
The best way to avoid ransomware attacks in the future
While the ransomware examples we mentioned were devastating, they provided vital information and lessons on preventing such cyber breaches in the future.
Organisations need to reexamine their supply chain security to improve endpoint detection and real-time monitoring to ensure that vendors or personnel do not inadvertently compromise the network.
Furthermore, they would have to be stricter in what threat actors can do and what type of actions they can take on their workstations to ensure that cybercriminals do not access critical data through a single machine.
With more organisations shifting to a hybrid working model, devising more effective security measures to prevent ransomware attacks will be critical for continued stability. The security improvement will be critical for preventing devastating monetary losses and protecting your business’s reputation, making sure your organisation doesn’t end up in the top ransomware examples list next.
How RiskXchange can help
RiskXchange is one of the firms leading the fight against cybercrime, coming up with novel solutions to everyday problems experienced at the hands of hackers.
With full visibility over your eco-systems‘ entire attack surface in near real-time, you can regularly monitor and mitigate risks to prevent unnecessary exposures. Our passive data collection methods are effective and have no impact on your network performance. Using data-driven insights to prevent breaches is the best way to reduce an attack surface and prevent cyberattacks.
Find out more here.