- by David Goldstein -
Ransomware has developed into one of the biggest threats to businesses around the world. According to an alert in 2021 from the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), it’s when offices are normally closed on weekends and holidays when the two organisations have observed the most attacks.
The alert came about after the two American crime organisations observed increasingly impactful attacks against U.S. entities on or around holiday weekends over several months. They believe as a result of their observations cybercriminals may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses.
In some cases, they believe this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organisations are at limited capacity for an extended time.
Some examples of ransomware attacks highlighted by the FBI and CISA in their alert were:
Ransomware has been identified as the largest threat to business today by the European cybersecurity agency ENISA. Attacks are becoming increasingly sophisticated. In the ENISA Threat Landscape (ETL) 2021 report, ENISA says the problems and costs of ransomware include “the amount of ransom, downtime, and the cost of people and actual operational and technical remediation.” A survey across 30 countries found the overall cost of remediating a ransomware attack has vastly increased, from $761,106 in 2020 to $1.85 million in 2021, according to ENISA.
Internet crime is rapidly growing. The FBI's Internet Crime Complaint Center (IC3), which provides the public with an avenue for reporting information on cyber incidents, received 791,790 complaints for all types of internet crime—a record number—from the American public in 2020, with reported losses exceeding $4.1 billion. This represented a 69% increase in total complaints from 2019. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020, representing a 20% increase in the number of incidents, and a 225% increase in ransom demands.
In their alert, CISA and the FBI advise how the destructive impact of ransomware continues to evolve beyond encryption of IT assets. Cybercriminals increasingly target large, lucrative organisations and providers of critical services with the expectation of higher value ransoms and increased likelihood of payments. Cybercriminals have also increasingly coupled initial encryption of data with a secondary form of extortion, in which they threaten to publicly name affected victims and release sensitive or proprietary data exfiltrated before encryption, to further encourage payment of ransom.
Although cyber criminals use a variety of techniques to infect victims with ransomware, CISA and the FBI note the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints.
As part of their alert, organisations are strongly discouraged from paying ransoms to criminal actors. As many organisations have found, payment does not guarantee files will be recovered, nor does it ensure protection from future breaches. Payment may also embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of malware, and/or fund illicit activities. Depending on your country, there may be laws requiring reporting of cybercrime including ransomware perpetrated on businesses. Cybercrime agencies in other countries will often encourage the reporting of cybercrime, including ransomware, perpetrated on businesses.
Some of the ways to mitigate against cybercrime such as ransomware, the FBI and CISA advise, include:
Contact us to learn more about how to protect against cybercrime.