itb-nz logo
Story image

Ransomware attacks skyrocketed in past three months - Check Point

Global ransomware attacks skyrocketed in past three months, according to new research from Check Point.

According to the research, the daily global average of ransomware attacks jumped 50% in last quarter, compared to 1st half of 2020.

On top of that, the research found Ryuk ransomware now attacks 20 organisations a week, while the percentage of global healthcare organisations impacted by ransomware has doubled. The healthcare sector is now the #1 most attacked industry in the US. 

The top 5 countries ranked by the most ransomware attacks in the last 3 months:

  • US (98.1% increase)
  • India (39.2% increase)
  • Sri Lanka (436% increase)
  • Russia (57.9% increase)
  • Turkey (32.5% increase)

Top 5 global industries most impacted by ransomware threats in the last 3 months

  • Communications
  • Education & Research
  • Government & Military
  • Software vendors
  • Utilities
  • Top ransomware types in last 3 months: Maze and Ryuk

"Ransomware is breaking records in 2020," says Check Point head of threat intelligence, Lotem Finkelsteen.

"The increase in ransomware attacks began with the advent of the coronavirus pandemic, as organisations scrambled to enact remote workforces, leaving significant gaps in their IT systems," he explains. 

"However, the last three months alone have shown alarming surges in ransomware attacks, and I suspect the ransomware threat to get far more worse as we approach the new year. I strongly urge organisations everywhere to be extra vigilant.”

According to Finkelsteen, the main drivers behind the surge in attacks are:

More sophisticated attacks, such as Double Extortion. In this attack type, hackers first extract large quantities of sensitive information, prior to encrypting a victim’s databases. Afterwards, attackers will threaten to publish that information unless ransom demands are paid, placing substantial pressure on organisations to meet hackers.

Willingness to pay. Hackers deliberately choose a ransom price that targets are more willing to pay. This way, victims of ransomware opt to simply pay the price, instead of dealing with the headache and time required to recover their IT systems. Furthermore, targets are more willing to pay in order to avoid additional stress given the challenging economic times we’re living in due to coronavirus. Though, this can change once coronavirus is behind us. Unfortunately, paying the ransom creates a vicious cycle: the more these type of attacks "succeed", the more frequently they occur.

Emotet’s return opens new entry-points. After a five-month absence, Emotet has surged back to 1st place in Check Point’s Most Wanted Malware Index, impacting 5% of organisations globally. Emotet is an advanced, self-propagating and modular Trojan. It was originally a banking Trojan, but has recently been used as a distributor of other malware or malicious campaigns. Emotet operations sell their infected victim's details to ransomware distributers, and because they are already infected, these victims are vulnerable to more attacks. This makes ransomware attacks even more "effective" to the attacker since more infected targets means more entry points for ransomware attacks.
 

How organisations can protect themselves

Train employees: Training and educating users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted email that does not even contain malware, but only a socially-engineered message that encourages the user to click on a malicious link, user education is often considered as one of the most important defenses an organisation can deploy.

Continuously backup your data: Maintaining regular backups of data as a routine process is a very important practice to prevent losing data, and to be able to recover it in the event of corruption or disk hardware malfunction. Functional backups can also help organisations to recover from ransomware attacks.

Patch your systems: Patching is a critical component in defending against ransomware attacks, as cyber-criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. As such it is critical that organisations ensure that all systems have the latest patches applied to them as this reduces the number of potential vulnerabilities within the business for an attacker to exploit.