Ransomware Continues to Cause Disruptions

Oil pipelines and Apple among most recent targets

Seemingly every week, there’s a new disruption caused by ransomware. Some are more noteworthy than others: the recent pipeline disruption received the most coverage, followed by a $50M ransom demanded from Apple a few weeks ago.

It’s all part of a trend of escalating criminal activity centered around ransomware.

While the high-profile demands and disruptions are generating headlines, the fact is that ransomware attacks have been proliferating, with increasingly large demands. According to a report by The Economist, the average ransom payment has escalated from around $50,000 in 2019 to over $200,000 this year. The median size of the companies attacked has been rising as well and now sits at slightly more than 200 employees.

Emboldened Criminals
The increase in the size of companies targeted and in the ransom demands shouldn’t give smaller organizations a false sense of security. Criminals are increasingly targeting larger companies while continuing to target smaller organizations. This is a function of both the availability of underworld SaaS networks and official or unofficial sanction from countries like Russia, which allow gangs to operate on the understanding that all attacks must be directed outside the country. These criminal groups are functionally digital privateers operating with a letter of marque.

Oblique Targets
As ransomware has evolved, the threat has gone from merely encrypting files to the release of data. As the recent attack on one of Apple’s suppliers has shown, this puts any organization that entrusts data to outside vendors at risk.

The criminals encrypted the supplier’s data but threatened Apple with the release of its product designs and schematics unless Apple paid a $50 million ransom. As criminals look for soft targets, a vendor of a large, wealthy organization is more appealing than the organization itself. These indirect attacks are affecting every industry where valuable data is entrusted to outside vendors.

Root Cause
Ransomware is hardly new. Although the increasing rate and sophistication of the attacks and targets are worrisome, the root cause of the attacks is even older. Most ransomware attacks are precipitated by phishing campaigns, which criminals use to gain access to networks.

Because of this, one of the most effective ways to protect your organization is to build awareness of phishing and provide training on how to spot and report threats. A newer strategy that adds another layer of protection is implementing a zero-trust architecture.

If you have questions about ransomware, phishing training, zero-trust, and how to protect your IT resources, call ITPAC today.