Amid the dramatic surge of ransomware attacks in 2021, researchers of Barracuda, a trusted partner and leading provider of cloud-enabled security solutions analyzed 121 ransomware incidents between August 2020 and July 2021 and identified 64% increase in attacks year-over-year. Many of these attacks are being led by a handful of high-profile ransomware gangs. Ransomware gang Revil accounted for 19% of the attacks while new ransomware strain DarkSide caused 8% of the attacks. In their latest Threat Spotlight, Barracuda researchers examined the ransomware attack patterns over the past 12 months and shared insights on prevention and recovery.
Ransomware criminals are penetrating the foundation of the digital economy across the globe, from trusted software vendors to IT service providers. They are still heavily targeting municipalities, health care, and education, but attacks on other businesses are surging. Attacks on corporations, such as infrastructure, travel, financial services, and other businesses, made up 57% of all ransomware attacks between August 2020 and July 2021, up from just 18% in Barracuda Network’s 2020 study. Meanwhile, Infrastructure-related businesses account for 10% of all the attacks. In fact, ransomware attacks are quickly evolving to software supply chain attacks, which reach more businesses in a single attempt.
Speaking on the ransomware trends, Murali Urs, Country Manager, Barracuda Networks India said, “Ransomware criminals have refined their tactics to create a double extortion scheme. The initial steps towards safeguarding an organisation from any possible ransomware attack involve assuming vulnerability and setting a goal of not paying the ransom. Once that has been taken care of, it is necessary to implement anti-phishing capabilities in email and other collaboration tools, and consistently train your users for email security awareness. Companies should also secure their SaaS applications and infrastructure access points by implementing Zero Trust Access. Finally, it is crucial to stay put with a secure data protection solution that can identify your critical data assets and implement disaster and recovery capabilities. That way organisations can confidently put their foot down against the ransomware criminals.”
The evolving attack patterns can be attributed to cybercriminals levelling up their tactics. To start with, malicious attackers find ways to steal credentials through phishing attacks, which can be used to challenge the web applications used by the victim. Once the application has been compromised, the attacker can introduce ransomware and other malware into the system. This can go on to infect the network as well the application users. On multiple occasions in the past year, attackers exploited an application vulnerability to gain control of the application infrastructure and eventually target the most valuable data to encrypt.
While analysing the ransom payment trends in the past years, Barracuda researchers are also witnessing a dramatic spike in the amount. The average ransom being demanded per incident is over US10 million dollars. Only 18% of the incidents had less than US10 million ransom demand, and 30% of the incidents had greater than US30 million dollars ransom asks. However, there have been multiple instances of victims reducing ransom payments by deploying negotiation tactics. JBS negotiated a US$22.5 million ransom payment down to US$11 million, and Brenntag, a chemical distributor in Germany, negotiated a US$7.5 million ransom demand down to US$4.4 million. The research highlighted more organizations refusing to pay the ransom, and that is likely driving up the initial ransom ask. The FBI recently uncovered the bitcoin wallets of DarkSide and was able to recover some of the ransom payments, and authorities have disrupted payments to the affiliates of the ransomware group.