Check Point Software Technologies details how ransomware has progressed in recent years, from WannaCry perpetrators demanding just a few hundred dollars from their victims to Conti requesting tens of millions. Check Point also reveals a 14% year-on-year increase in global ransomware attacks and says organizations need to prioritize prevention if they are ever going to combat this rising threat.
The WannaCry attack in 2017 was the first of its kind – a global, state-sponsored and multi-vector attack. Despite that, the initial extortion demand was just $300. While WannaCry wasn’t a trailblazer in terms of profitability, it did mark the beginning of the political use of ransomware. In the last five years, ransomware operations have moved from random emails to multi-million-dollar businesses, such as NotPetya, REvil, Conti and DarkSide, carrying out targeted and sophisticated attacks that affect organizations in every industry. The ransom demand facing Kaseya in 2021 was reportedly $70 million.
The rise of double and triple extortion
Remote and hybrid working, along with accelerated cloud adoption, have opened up new opportunities for ransomware attackers to exploit. Such attacks are becoming increasingly sophisticated with new trends such as Ransomware-as-a-Service, double and even triple extortion. In double extortion, cybercriminals threaten to publish private information; in triple extortion, they demand ransom not only from the infected organization itself but also from its customers, partners, and suppliers.
Attacks on governments and critical infrastructure
A few days ago, two massive ransomware attacks happened in Costa Rica and Peru, both reportedly executed by the infamous Conti ransomware gang. The attacks led the Costa Rican government to declare a state of emergency on May 6th, caused estimated losses of $200 million by paralyzing customs and government agencies, and even resulted in a loss of power in one of its cities because a main energy supplier was impacted. One of the most high-profile critical infrastructure ransomware attacks in recent years was the one on Colonial Pipeline.
Every business a target
While governments and large corporations often make the headlines, ransomware actors are indiscriminate and will target businesses of all sizes in all sectors. To protect themselves, IT teams need to prioritize prevention. They should be vigilant for any signs of a trojan on their networks, regularly update their anti-virus software, proactively patch relevant RDP (Remote Desktop Protocol) vulnerabilities and utilize two-factor authentication. In addition, organizations should deploy dedicated anti-ransomware solutions that constantly monitor for ransomware-specific behaviors and identify illegitimate file encryption, so that an infection can be prevented and quarantined before it takes hold. With these protections in place, organizations can be better prepared for when they are attacked, as in today’s climate it is a matter of when, not if.