
Ransomware attacks are shocking but shouldn’t surprise

Author: David Grady

The recent ransomware attack on a major US gasoline pipeline company may have come as a shock to drivers faced with a few days of short supplies and long lines, but those observing cybercrime trends saw it coming. 

“We may not have known who the next victim would be, but we knew that ransomware was becoming far more common in the energy sector,” says Alex Pinto, a senior security analyst in Verizon Business Group’s Threat Research Advisory Center and lead author of Verizon’s Data Breach Investigations Report (DBIR).  “Manufacturers and companies in mining, oil and gas extraction, as well as utilities, came under significant ransomware attacks in 2020.  And we don’t see it slowing down anytime soon.” 

More troubling: ransomware is increasingly leading to actual data breaches instead of just locking a company out of its data. Attackers are now demanding a ransom payment to release encrypted data and threatening to leak the very same private or sensitive data to the public. “A company can easily find itself in a hostage and blackmail situation at the same time,” says Pinto. “That’s not where you want to find yourself at 3 AM.”

Ransomware Trends 2020

Verizon’s 14th annual DBIR, released in May, analyzed data from research partners and law enforcement agencies in 83 countries covering almost 80,000 security incidents and nearly 5,300 actual data breaches from 2020.  What the report shows is that ransomware has been trending upwards since 2016 and now accounts for five percent of the incidents analyzed in the report.  Further:

  • 10 percent of data breaches where data is actually stolen now involve ransomware.
  • While no industry is immune to ransomware, Manufacturing saw a particularly sharp increase in the number of ransomware-related malware incidents (as opposed to breaches).
  • Data provided by the FBI Internet Criminal Complaint Center (IC3) showed that the median amount of money lost by the victim as a result of a ransomware attack was $11,150. In 95% of the ransomware cases, losses fell between $70 and $1.2 million.

A layered defense can make the difference

Defending an organization against the growing threat of ransomware means knowing how the ransomware gets in to begin with, and which controls – from technology and business process refinement to employee training – are needed.

The 2021 DBIR explains that ransomware attacks have some variety in terms of how the ransomware gets on the system.  Nearly 60 percent of the ransomware cases the Verizon team studied involved direct install of ransomware or installation through desktop sharing apps with threat actors using stolen credentials or ‘brute force’ tactics.  “The rest of the vectors that we saw were split between email, network propagation and ‘downloaded by other malware,’” the report states.  “For these types of incidents and breaches, we largely see servers being targeted.”

Preventing all attacks may be close to impossible, but there are ways to reduce the risk. For example, security controls from the Center for Internet Security can be enacted by the organization and are considered industry-standard for building an effective security program.

Incident planning can lessen the impact

If ransomware does strike, experts suggest that your organization should have a plan in place to manage the crisis.

“A ransomware attack forces organizations to make some very tough decisions,” says Jim Meehan, Senior Investigations Manager in Verizon’s cybersecurity practice.  Meehan, a former member of the U.S. Secret Service who fought crime and cybercrimes for more than two decades, explains: “Should we pay? How much is too much?  Who approves the payment, and where do we get the money from? And what if the hacker takes the payment but leaks our data anyway?  You have to have a specific ransomware contingency plan and policy in place, well before such an attack, because you don’t want to be making those decisions in real time.  The longer an incident goes on, the more damage it will do to the company.”  

Meehan advises business leaders and security teams to collaborate regularly to ensure their ransomware response plans are up to date. Third-party security assessments and regular testing can also help measure company readiness.

The 2021 DBIR report expects the ransomware trend of taking data hostage and stealing it to remain popular among attackers.  “We are not sure if this breach double-dipping is permitted in the Threat Actor Code of Conduct,” the report reads, “but there has been no evidence that they have one anyway.”


David Grady is an ISACA-Certified Information Security Manager (CISM) and Chief Cybersecurity Evangelist at Verizon Business Group.