Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at the DOD and (CS)²AI Fellow
The COVID-19 pandemic forced millions of people to work remotely, and cybercriminals are taking advantage of it. According to Group-IB's annual Hi-Tech Crime Trends 2020/2021 report, ransomware attacks wreak havoc on businesses and have cost the world over $1 billion in financial losses.
Since late 2019, ransomware attacks have surged drastically, targeting both the private and government sectors. Around 500 ransomware attacks spanning over 45 countries were reported around the world during this period.
The U.S., the U.K., France, and Germany together make up 20% of all ransomware attacks. Attacks on North and South American countries account for 10%, while attacks on Asian states account for 7%.
The five most attacked sectors include retail (51 victims), manufacturing (94 victims), government agencies (39 victims), construction (30 victims), and healthcare (38 victims).
The Maze and REvil operators are believed to be behind more than half of all successful attacks. Other ransomware families, including Ryuk, NetWalker, and DoppelPaymer, came second.
Ransomware operators are using targeted brute-force attacks on remote access interfaces (such as RDP, SSH, and VPN), downloaders, and new types of botnets (brute-force botnets).
Though there have been hundreds of attempts since lockdowns were imposed due to COVID-19, here are a few recent ones.
Recently, U.S. Fertility, one of the largest networks of fertility clinics located in the U.S., was hit by a ransomware attack.
The Baltimore County Public Schools were hit by a ransomware attack that compromised distributed virtual learning.
The security solutions many companies currently use usually fail to spot and block ransomware activity at its early stages. Experts therefore recommend backing up important data, patching software and operating systems regularly, and providing training to identify spam emails with malicious intent.