Since the Colonial Pipeline incident in May 2021, the word “ransomware” has been circulating in public discussion and even in recent remarks from President Biden and law enforcement, along with warnings about how companies and individuals can avoid this type of advanced cyberattack.
But what exactly is ransomware? Why are we suddenly talking so much about it now?
The Cybersecurity & Infrastructure Security Agency (CISA) defines ransomware as an ever-evolving form of malware designed to encrypt files on computer systems, rendering files and the critical infrastructure that relies on them unusable.
The attack’s main objective is to make ransom demands, commonly in cryptocurrencies like Bitcoin, in exchange for keys to decrypt the information locked up by malicious actors.
The information never disappears from your servers, but is completely inaccessible without using a unique decryption key or tool provided by the cybercriminals that launched the attack. The attack itself could lock one file, one server, or potentially a company’s entire IT system. That scalability has made ransomware attacks an exceedingly effective extortion tool in recent years.
According to cybersecurity surveys, the average ransomware remediation cost (counting business downtime, lost orders, operational costs, and more) was estimated at $760 million in 2020. Experts fear this figure will double by the end of 2021.
How Common Are Ransomware Attacks?
In 2016, a joint technical report by several U.S. agencies stated that more than 4,000 ransomware attacks were occurring per day on individuals and corporate networks in the country, a 300 percent increase from the previous year.
In 2017, the attackers known as WannaCry achieved one of the most famous and effective ransomware attacks in history, when they infected 230,000 computers across 150 countries in three days.
The result: more than $4 billion in financial losses, forcing individuals and businesses alike to decide between paying for a recovery of their data (with no guarantee that WannaCry’s perpetrators would fulfill their promise) or accepting the outright loss of the encrypted data.
A particularly worrying aspect of ransomware is attackers’ focus on healthcare companies, with 24 percent of affected companies belonging to this sector.
Last year, a joint report by CISA, FBI, and the Department of Homeland Security reaffirmed the trend of cybercriminals targeting healthcare infrastructure, warning healthcare providers of the imminent risk of a cybersecurity breach in their systems amid the COVID-19 pandemic, in the wake of the distribution of TrickBot malware specifically to healthcare facilities.
What About in 2021?
So far, 2021 has shown no slowdown in data breaches and cybersecurity incidents. Even though the attack on Colonial Pipeline this spring was the most visible ransomware event of the year (so far), other high-profile cases show the rise and impact of these kinds of cyberattacks.
DarkSide, the cybercriminal group behind the attack on Colonial Pipeline that secured $4.4 million in payment, was also the perpetrator of the cyberattack on chemicals distributor Brenntag in May, which netted the attackers $4.4 million in cryptocurrencies.
In May and June, the cybercriminal group REvil managed to compromise data from Acer and JBS Foods, reaffirming the increasing trend of cyberattacks in 2021. JBS Foods confirmed paying $11 million to the attackers to recover its compromised data.
The National Basketball Association (NBA), insurers AXA and CNA, computer manufacturer Quanta, CD Projekt Red and even KIA Motors have all suffered ransomware attacks in the first half of 2021.
Why Are Ransomware Attacks on the Rise?
One of the main reasons is likely the COVID-19 pandemic, which caused a lot of chaos as individuals, businesses, and the federal government struggled to adapt quickly. Widespread disruption gives threat actors an ideal opportunity to sabotage supply chains and major infrastructure.
For example, pandemic disruption was the perfect cover for phishing attacks. As outlined in a report from Microsoft at the end of 2020, a flood of such attacks arrived last year, posing as messages from the World Health Organization, various health departments worldwide, and even charitable organizations. All of them push users to download malicious files or visit fake web pages.
The pandemic also imposed physical limitations on working in the office, where it’s easier to maintain a certain level of cybersecurity. With everyone working remotely, that’s harder to do. Cybersecurity teams that were previously able to respond to certain attacks and cyber threats immediately were now faced with mobility constraints imposed by health measures and forced to find ways to maintain business continuity remotely.
ZenGRC Helps Reduce Your Security Risks
All that disruption, and the ensuing flood of ransomware, puts enormous strain on security teams. That means those teams need better technology to leverage their efforts and maintain a good cybersecurity posture even amid such a difficult threat landscape.
ZenGRC is such a tool, designed to combat today’s and tomorrow’s risks, with governance, risk management, and compliance capabilities that offer a variety of solutions to fit your needs. ZenGRC can help to automate and facilitate the documentation and workflows involved in risk assessment, mitigation, and documentation of cybersecurity controls.
ZenGRC can also trace your compliance stance across multiple frameworks such as HIPAA, CMMC, FedRAMP, and more, and provide real-time views into that stance. ZenGRC can show you where your cybersecurity gaps and vulnerabilities are and what’s required to fill them, improving your overall security stance in the process.
Not only does this help cybersecurity experts and risk managers feel more effective at their jobs; it also helps businesses to be more efficient at managing cybersecurity risk over time.
To see how ZenGRC can improve your cybersecurity strategies, schedule a free demo today.