In our ransomware report, titled Ransomware: The Real Cost to Business, 81% of respondents said they are highly or very concerned about the risk of ransomware attacks. Given the growing threat posed by ransomware, that’s no surprise.
A new attack now occurs every 11 seconds, with ransomware losses projected to hit $20 billion by the end of 2021, a 225% year-over-year increase, according to the FBI's Internet Crime Complaint Center (IC3).
Different shades of ransomware
Ransomware is a threat category, which means that not all attacks are created equal. For example, not every ransomware incident involves encryption. Some variants use locking techniques to prevent victims from accessing a device until they pay a ransom. Others use encryption to make victims’ files inaccessible unless they pay for a decryption key.
There are also differences between opportunistic and targeted ransomware attacks. There are enough do-it-yourself ransomware kits on the dark web for script kiddies to use spray-and-pray tactics to distribute ransomware. The idea is to send out as many lures leading to malicious crypto-malware payloads as possible so that these opportunistic attackers can make a profit.
These actors do not tailor their attacks to a specific target. They play the numbers and hope that at least some companies are sloppy with their backup and recovery hygiene and that their threat detection strategy consists only of traditional antivirus solutions that struggle to defend against ransomware attacks.
However, the situation is different with targeted ransomware attacks, or RansomOps attacks, as we call them. These campaigns are not run by technically unskilled people. These attackers have the technical acumen to perform more complex operations that involve a high level of reconnaissance of the target so that they can customize their attack sequences, making the attacks more effective and potentially devastating.
Targeted RansomOps attacks do not aim at a wide pool of potential victims. The goal is to choose a specific target, usually one in a sensitive industry such as critical infrastructure, and to choose targets based on their ability to pay an incredibly high ransom. The attackers use more advanced tactics such as privilege escalation and lateral movement in the network, much like what an APT group would do, to get what they want from their victim.
Industries most frequently attacked by RansomOps
In recent years, targeted RansomOps attacks have focused on some industries more than others. Take the education sector as an example. As reported by CBS News, schools are one of the most popular targets for ransomware attacks today. That’s because faculty, staff, and students in many educational institutions are not trained to spot phishing emails, malicious URLs, and other common digital threats. Many of these organizations rely on public funding that varies from year to year, a reality that makes it difficult to sustain investments in good security measures.
Then there is the industrial sector. As covered in a report by ZDNet, for example, security researchers found that almost every industry struggled with ransomware attacks throughout 2020. Even so, the industrial goods and services sector suffered the largest share of crypto-malware incidents, accounting for nearly a third (29%) of the ransomware attacks that year.
This finding reflects the extent to which industrial companies depend on the continuous availability of their physical processes. Any interruption in the production processes of these facilities could undermine national security and/or threaten public safety. Ransomware attackers understand this point and take it to mean that industrial victims will feel obliged to pay any ransom demand as soon as possible so that they can restore normal operations.
The same could be said about healthcare. Organizations in this sector need access to patient data so that they can perform life-saving treatments as well as other medical treatments. This puts them under increased pressure to pay a ransom. Some ransomware groups have taken advantage of healthcare organizations' position in the past, but as reported by TechRepublic, other ransomware gangs have committed not to attack healthcare targets.
Variable impact of ransomware on target industries
It is interesting to note that ransomware attacks affect these and other industries differently. When asked in our survey whether companies lost revenue after a ransomware attack, 64% of healthcare companies answered yes. This is in contrast to roughly half of the companies that reported lost revenue in other sectors such as legal and manufacturing.
Then there is the percentage of ransomware victims who report job losses. Half of the legal organizations reported having suffered these consequences, while only 29% of manufacturers and 24% of healthcare companies did.
Defense against ransomware attacks
However, one thing is certain in all of these industries: businesses need to focus on defending themselves against a ransomware attack. One way to do this is to invest in a layered anti-ransomware solution that uses behavior-based detection to visualize and disrupt the RansomOps attack chain.
Cybereason’s operation-centric approach means no data filtering and the ability to detect attacks earlier based on rare or advantageous chains of (otherwise normal) behaviors. Cybereason is unbeaten in the fight against ransomware thanks to our multi-layered prevention, detection and response, which includes:
- Anti-ransomware prevention and deception: Cybereason uses a combination of behavioral detection and proprietary deception techniques to uncover the most complex ransomware threats and stop the attack before critical data can be encrypted.
- Intelligence-based antivirus: Cybereason blocks known variants of ransomware by drawing on an ever-growing pool of threat intelligence based on previously detected attacks.
- NGAV: Cybereason NGAV is based on machine learning and detects malicious components in the code in order to block unknown ransomware variants before execution.
- Fileless ransomware protection: Cybereason disrupts attacks that use fileless and MBR-based ransomware that traditional antivirus tools overlook.
- Endpoint controls: Cybereason protects endpoints against attacks by managing security policies, maintaining device controls, implementing personal firewalls, and enforcing hard disk encryption for a range of device types, both fixed and mobile.
- Behavior-based document protection: Cybereason detects and blocks ransomware hidden in the most popular business document formats, including those that use malicious macros and other stealth vectors of attack.
Cybereason is dedicated to working with defenders to stop cyberattacks, including modern ransomware, from endpoints to businesses everywhere. You can find more information about protecting against ransomware here or arrange a demo today to see how your organization can take advantage of a business-oriented approach to security.