September’s cyberattacks spanned every industry. More important than the number of breaches is the method of attack. Ransomware is becoming increasingly prevalent, and this trend shows no sign of slowing.
Here are some of the ransomware attacks in September 2021 alone:
- Ransomware holds Newcastle University
- Massachusetts High School attacked by ransomware
- Ransomware attack stops Argentinian border crossing
- Ransomware hits K-Electric, Pakistan’s largest private power utility
- Thailand’s Saraburi Hospital hit by ransomware
- NorthShore University HealthSystem notifying patients affected by ransomware
- Spain’s SegurCaixa Adeslas moves to contingency plan after ransomware attack
- Equinix hit by Netwalker ransomware attack
- Enloe Medical Center alerting patients after ransomware incident
- Fairfax County Public Schools in Virginia confirms cyber attack
- Artech Information Systems says data breached in ransomware attack
- SC’s Roper St. Francis in second data breach this month after learning of its involvement in Blackbaud incident
- Development Bank of Seychelles learns of ransomware incident
- Netherlands-based Veiligheidsregio Noord- en Oost-Gelderland hit by ransomware
- Ransomware threat actors claim theft of University Hospital New Jersey files
- New Jersey School District suspends classes during ransomware attack
- NJ-based Millstone Township School District hit by ransomware
- Systems of GA-based Jekyll Island Authority infiltrated with ransomware
- NY’s Floral Park-Bellerose School District hit with ransomware attack
- Woman dies during a ransomware attack on a German hospital
- The College of Nurses of Ontario investigating suspected ransomware attack
- NC’s Guilford Technical Community College hit with ransomware
- Non-profit Anglicare Sydney held to ransom after cyber attack
- Leading U.S. laser developer IPG Photonics hit with ransomware
- ArbiterSports referees’ data stolen in ransomware attack
- Tyler Technologies appears to have been hit by RansomExx ransomware
- Universal Health Services hit by massive ransomware attack
- French container line CMA CGM confirms ransomware attack
- Ransomware threat actors dump data on Clark County School District employees and students
- International insurance brokerage firm Arthur J. Gallagher & Co confirms ransomware attack
- Hackers hit South African government fund for children and missing people
- The Medisys Health Group and its affiliate Copeman Healthcare pay ransom
“What is Ransomware?”
Ransomware is malware that gains access to a victim’s information and then encrypts it, holding it hostage for a specified amount of money. Until the ransom is paid (and maybe not even then), the encryption blocks access to files, databases, applications, etc. Ransomware can spread through an entire network and quickly paralyze a company.
Believe it or not, ransomware doesn’t even require a cyber mastermind anymore. Ransomware-as-a-Service (RaaS) now exists, which allows non-technical criminals to buy the malware straight from a developer in exchange for a percentage of the cut (which can be millions).
“It won’t happen to us”
One reason some companies don’t implement proactive cybersecurity is their (incorrect) assumption that their business wouldn’t be a good target.
Myth: Malicious hackers only target high-value companies or those in the spotlight. My business wouldn’t be on their radar.
Fact: Cyber criminals choose targets for a lot of different reasons, and annual budget is only one of them.
Criminals may target a wealthy company because they assume it can pay a ransom, but they can just as easily go after a smaller company or a startup, assuming it’s an easy target because funds are not prioritized toward cybersecurity.
Enterprise, SMB, startup…healthcare, education, law firm…private, public, government…everyone (including you) can be a target.
“Should we just pay the ransom?”
At the end of the day, decision makers must do what they believe is best for their organization. However, the FBI generally advises against paying these ransoms, and I agree fully. Here are some important things to consider:
Corrupted Data (if any data)
First of all, paying a ransom doesn’t guarantee the return of your data. There is a decryption key that a malicious hacker theoretically should give a company after the ransom is paid, but there is nothing to guarantee that happens. In fact, they may even leak the data to the public after payment, just because they can.
More commonly, even if you get the data back, some or all of it may be corrupted. Nearly half of victims who pay the ransom receive corrupted data back.
The ransom itself can cost millions of dollars. In 2020, nearly $350 million in cryptocurrency was paid by victims.
You can also incur civil penalties from the government for paying. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published an advisory in 2020 explaining that malicious cyber criminals, including ransomware attackers, fall under its cyber-related sanctions program. This gives OFAC the authority to impose penalties on U.S. persons who provide material assistance or support to these individuals (which can include a ransom).
Paying a cyber ransom may sometimes seem like the only choice, but it signals a couple of things to criminals. First, it shows them that ransomware works, which incentivizes more attacks. In addition, it specifically shows them that YOUR organization is a good target, because you pay. In fact, it is estimated that about 80% of companies that pay cyber ransoms become victims a second time.
Red Sentry Solution
We could talk about appropriate ransomware responses for days, but a much better solution is not letting a malicious hacker into your system in the first place.
My company, Red Sentry, provides an automated, continuous pentesting platform that helps you monitor your cyber environment 365 days a year. This is just one example of a technology that can elevate your security to the next level.
Ransomware is not going anywhere anytime soon, so businesses must make themselves as hard a target as possible. Put effective tools in place, shore up your systems, and stay proactive. We can’t always beat malicious hackers at their own game, but we can keep them from entering the stadium.