New Threat Spotlight Shows Ransomware Attacks Continue to Grow
Despite new security tools and government crackdowns, ransomware attacks are increasing unabated.
September 29, 2022
Sponsored by Barracuda MSP
Cybercriminals thrive on chaos and disruption, and the past several years have provided a fertile environment for ransomware attacks. The COVID-19 pandemic, political turmoil and the ongoing war in Ukraine have left many individuals and companies particularly vulnerable to these attacks.
In a recent Threat Spotlight report, Barracuda found that many small companies are struggling with ransomware-related data recovery. While attacks against high-profile organizations make headlines, smaller firms are often targeted, as well, and face a much bigger challenge responding to and recovering from these incidents.
Barracuda found that the volume of ransomware threats detected by its SOC team spiked between January and June 2022, with more than 1.2 million monthly attacks. As a result, companies in every industry, along with critical infrastructure providers, are affected.
The attack against the Los Angeles school district may be the most high-profile and troubling among recent ransomware attacks. Early in September, the district confirmed that it was hit by a cyberattack (launched by a Russian-speaking hacker group called Vice Society) that disrupted access to its IT systems. The total impact on the school has not been made public yet. The Vice Society leak site also listed several other school districts. This is the second time a ransomware attack has hit the LA school district.
The Impact of Ransomware Is Far-Reaching and Costly
But bad actors aren’t just targeting LAUSD. Also in September, the Savannah College of Art and Design (SCAD) in Georgia suffered a ransomware attack, exposing sensitive information about hundreds of students and employees.
In addition to business disruption, financial costs and potential exposure of valuable data, these ransomware attacks can leave companies on the hook for damages in costly lawsuits. For example, Practice Resources LLC, a medical billing company, was attacked in April, a breach that put millions of medical records at risk. Several affected patients have filed a class action lawsuit. The San Francisco 49ers are also the target of a lawsuit after a ransomware attack during the Super Bowl week that compromised the personal data of thousands of ticket holders.
Barracuda found that the dominant targets of these attacks are five key industries: education, municipalities, healthcare, infrastructure and financial. Attacks on educational institutions like the ones mentioned above have doubled over the past year, and attacks on the healthcare and financial verticals have tripled. Infrastructure attacks, meanwhile, have quadrupled, indicating that financial gain or data theft may not be the only motivations behind the attacks.
Service Providers Are a Target
Another finding of the research was that service providers of all types are a notable target of ransomware attacks, accounting for 14% of attacks in the other industries category. This is unsurprising in some ways since these companies offer access to client systems.
Although fewer companies are paying ransoms, and law enforcement agencies are successfully recovering money for some who do pay, attackers continue to make extortion attempts. In addition, while businesses are increasingly aware of these attacks, they have not necessarily put enough security solutions in place. According to Barracuda CTO Fleming Shi:
“I’m also surprised we still see many successful attacks against VPN systems without stronger authentication schemes. The rapid shift to remote work from the pandemic exposed this as an area of weakness for many organizations. So, it makes sense that cybercriminals continue exploiting these vulnerabilities, but businesses have had plenty of time to improve their authentication.”
Typically, credentials are stolen via phishing attacks or bought on the dark web, and attackers target the VPN because of the access it can provide.
Avoiding Ransomware Leads to Better Outcomes
What can companies do? Barracuda recommends solutions that leverage artificial intelligence to respond, as rule-based systems cannot effectively match these rapidly evolving attacks.
Additionally, the following should be considered best practice:
Disabling macro scripts from MS Office files
Regular removal of unused or unauthorized apps
Implementation of network segmentation to reduce ransomware spread
Deploying enhanced web application and API protection services
Reinforcing access control to offline and cloud backups
While efforts to avoid or recover ransom payments are helpful, avoiding a successful ransomware attack altogether is a much better outcome for any business – this minimizes business disruption and saves the company additional costs in potential lawsuits if client data is compromised. Following the tips above can help these companies protect their data from ransomware and other attacks. This type of prevention is the only real solution, given how determined the groups behind these attacks are.
Chris Crellin is senior director of product management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like