In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners Office, they are up by 11% compared to 2020.
Ransomware groups have been exploiting the switch to remote work unlike any other. Ransomware attacks increased by more than 485% in 20201. By 2031, a new organization is expected to fall prey to a ransomware attack every 2 seconds2. Multiple reports by threat hunting firms confirm that the primary attack vector they are using to infiltrate corporate networks are poorly guarded Remote Desktop Protocol (RDP) connections.
Nearly 80 per cent of all ransomware attacks in the first half of 2021 involved the threat of leaking exfiltrated data. Exfiltration is a popular pressure tactic as it introduces the threat to publish stolen sensitive data to a threat actor extortion website if a ransom payment is not received. Our team currently tracks over 40 threat actor extortion websites, with new sites belonging to new ransomware groups emerging each week.
Ransomware has become an annual event for many organizations, costing them millions in lost productivity and revenue. While there have been some notable successes in fighting off this threat, the industry as a whole must continue strengthening its resolve in order to safeguard against future attacks. Part of this can come down to recognizing the role that users and employees play in fighting off these attacks and providing them with info and tools they need to help reduce risks.
Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of A new zero-day vulnerability (CVE-2021-40444) affecting multiple versions of Windows has recently been discovered and disclosed by Microsoft. According to Microsoft’s Security Update Guide, the MSHTML component can be exploited by an attacker through a custom ActiveX control, allowing remote code execution.
Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of ethics that includes avoiding breaching some specific sectors, such as hospitals or critical infrastructure, thus avoiding great harm to society and consequently drawing less attention from law enforcement.
On July 2, 2021, the cybersecurity world woke up to yet another ransomware attack—this time, the victim was Kaseya, a software enterprise that provides IT management solutions predominantly to managed service providers (MSPs). The attack made a huge impact, affecting several MSPs and thousands of their customers. So, what exactly transpired in what most cybersecurity experts are calling the largest criminal ransomware attack on record?
Cloud-based business models such as infrastructure as a service and software as a service have balloon in popularity, gaining mainstream acceptance in recent years. Cloud providers benefit from superior economic models that scale while also reducing their development risk and complexity. However, with success comes attention, so it’s only logical that criminals have emulated these models.
Accenture has acknowledged that it was the victim of a ransomware attack on July 30 in what it described as a "security incident." As reported by Cyberscoop, the hackers (a gang known as LockBit) began leaking stolen data and threatened to release further compromised information. LockBit first emerged in 2019 and its ransomware cyberattacks primarily target large corporations, from which it hopes to extort large sums of money.
