This August saw high-profile cyberattacks, whether at the Southern Ile-de-France (CHSF) Hospital Center in Corbeil-Essonnes or the Ramsay Group’s 120 French hospitals. However, the vast majority of these attacks are not reported by the companies that experience them, according to Barracuda, a cloud security solution provider that estimates these attacks at more than 1.2 million every month. On August 24 it released a new research report that analyzes ransomware attack patterns between August 2021 and July 2022.
Cybercriminals use malware, often in the form of an attachment or link, to infect a network and block email, data, and other important files until a ransom is paid. These scalable and sophisticated attacks are damaging and costly, and can disrupt day-to-day business operations and result in large financial losses.
In 2021, Barracuda noted a trend towards double extortion, where attackers steal sensitive data from their victims and demand payment in exchange for a promise not to release or sell the data to other criminals. On top of that, in this year’s study, the company found that attackers are now demanding late fees or fines if ransoms are not paid on time.
Most ransomware attacks don’t make headlines. Many companies choose not to disclose that they have been targeted, and it is often extremely difficult for small businesses to deal with attacks.
Fleming Shi, CTO of Barracuda, says:
“As ransomware and other cyber threats continue to evolve, the need for adequate security solutions is greater than ever. Many cybercriminals target small businesses in an attempt to gain access to larger organizations. Therefore, it is important that security vendors create products that are easy to use and implement, no matter the size of the company. In addition, sophisticated security technologies must be available as a service so that companies of all sizes can protect themselves from these ever-evolving threats. By making security solutions more accessible and user-friendly, the industry as a whole can help improve protection against ransomware and other cyber attacks.”
Analysis of 106 high-profile attacks
Barracuda researchers analyzed 106 high-profile ransomware attacks between August 2021 and July 2022 and found an increase in the number of attacks in the most targeted sectors. These sectors are education (15%), municipalities (12%), healthcare (12%), infrastructure (8%) and finance (6%). At the same time, attacks on other industries more than doubled compared to last year.
While attacks on municipalities increased only marginally, the analysis showed that ransomware attacks on educational institutions more than doubled, and attacks on the healthcare and finance verticals tripled.
According to Fleming Shi, the fact that attacks related to infrastructure have quadrupled indicates that cybercriminals intend to do damage beyond the immediate victim, and it makes him realize how vulnerable we all are to potential nation-state-sponsored cyberattacks, since nation-state actors are the threat actors most likely to attack infrastructure.
Service providers were the hardest hit (14%). Whether they provide IT or other business services, these types of organizations are attractive targets for ransomware groups because of the nature of the access they have to their customers’ systems, Fleming Shi said. The number of victims within reach multiplies if attackers succeed in gaining a foothold and then expanding from it.
Ransomware attacks on automotive, hospitality, media, retail, software and technology organizations have also increased.
The data does not include any ransomware attacks on cybersecurity companies between August 2021 and July 2022; the Cisco attack by the Yanluowang ransomware group was only discovered in mid-August.
Lessons to be learned from this report
Over the past year, law enforcement has recovered more ransomware payments, and the US Department of Justice has seized approximately half a million dollars in ransomware payments directed to North Korean cybercriminals targeting healthcare organizations. In addition, the United States and the EU encourage cooperation against ransomware attacks.
However, cyber attackers continue to exploit the ransomware industry with prolonged ransomware attempts. Fleming Shi said he was surprised to see many successful attacks on VPN systems that lack stronger authentication. The rapid transition to remote work during the COVID-19 pandemic has shown that this is a weak point for many organizations, and it makes sense to him that cybercriminals will continue to try to exploit these vulnerabilities. While companies have had plenty of time to improve their authentication, many have not.
However, this analysis showed that fewer victims paid the ransom and more companies were able to survive thanks to better defenses, especially in attacks against critical infrastructure.
Working with the FBI and other law enforcement agencies also has an impact. For Fleming Shi, attacks on critical infrastructure have become a wake-up call for authorities to take action, and agreements between various states and government leaders have created an environment for working together to stop such attacks.
An analysis of three attacks that the Barracuda SOC helped resolve revealed several similarities:
- These attacks did not last a day or a week, but were carried out over several months;
- VPNs are constantly under attack as they lead to infrastructure and assets;
- Credentials are either stolen via phishing attacks or purchased on the dark web;
- Linking email credentials to Microsoft 365 is convenient, but it also means that single sign-on opens many potential routes into the infrastructure.