What Is Ransomware?
Ransomware is malicious software that encrypts the files on a computer or network, locking the owner out of confidential data until a ransom is paid; many current operations also steal a copy of the data first and threaten to publish it if the victim refuses. Ransomware is delivered in many ways, but the most common are phishing emails and other social engineering, exploitation of vulnerabilities in software or exposed systems, and malicious advertising (malvertising).
1989: The First Big Ransomware Attack
Roughly 20,000 floppy disks advertised as free AIDS information software were mailed to recipients including attendees of the World Health Organization's (WHO) AIDS conference. The disks carried the "AIDS Trojan" (also known as "PC Cyborg"), which after about 90 reboots hid directories and encrypted file names on the C: drive, then demanded a $189 "licence fee" be sent to PC Cyborg Corporation in Panama. Because the trojan used simple symmetric encryption with the key recoverable from the code, Jim Bates' CLEARAID decryptor was able to restore the files of victims who had not already paid.
2017: Most Notable Ransomware Attack
WannaCry (May 2017) spread as a worm by exploiting the SMBv1 vulnerability patched two months earlier in MS17-010 (the "EternalBlue" exploit); any unpatched Windows host was exposed, including out-of-support Windows XP and Windows Server 2003 systems, for which Microsoft issued emergency patches. WannaCry reached some 150 countries, disrupted the U.K.'s National Health Service (NHS), forcing cancelled appointments and diverted ambulances, and has reportedly cost the global economy up to $7.35 billion (£6 billion). NotPetya (June 2017) was seeded through a poisoned update of the Ukrainian accounting package M.E.Doc and spread using the same SMB exploit together with harvested credentials; although it presented a ransom note, its encryption could not be reversed, making it a wiper in ransomware clothing. It caused sizable losses for organizations such as Mondelez (owner of Cadbury and Oreo) and Nurofen manufacturer Reckitt Benckiser, 'who expected to make losses of about £100m as a result of the attack.'
2021: Critical Infrastructure - Colonial Pipeline
In May 2021 the DarkSide ransomware group gained access to Colonial Pipeline's IT network through a single compromised password for a legacy VPN account that did not require multi-factor authentication. The company shut down the pipeline, which carries roughly 45% of the East Coast's fuel, as a precaution for about six days, causing panic buying and fuel shortages across the Southeast and East Coast and forcing haulers to pause deliveries, which in turn hit industries such as meat processing that depend on timely transport. Colonial paid the attackers roughly 75 bitcoin (about $4.4 million at the time) on the day of the attack; the decryptor it received was slow enough that it restored largely from backups, and the U.S. Department of Justice later recovered a large part of the payment by seizing the private key to the attackers' wallet.
2021: Healthcare - Ireland Health Service Executive
In May 2021 the Conti ransomware group encrypted the IT systems of Ireland's Health Service Executive (HSE). Initial access had been gained weeks earlier through a phishing email carrying a malicious Excel attachment; when the ransomware was finally detonated it affected around 80% of the IT estate and took down key patient information and diagnostic systems. It was the most significant cyberattack on an Irish state agency, disrupting operations and the provision of care for months. The HSE declined to pay; the attackers published a decryption key anyway, but recovery still took months, and stolen patient data, including sensitive information, was leaked online.
2021: IT Services - Kaseya VSA
In July 2021 threat actors used an authentication bypass zero-day in on-premises Kaseya VSA servers to push a malicious fake "hot-fix" to every endpoint the remote monitoring and management (RMM) software controlled, turning a single foothold into ransomware on thousands of downstream systems, many of them belonging to customers of managed service providers. The REvil ransomware gang took credit for the attack, whose victims ranged from the Swedish Coop supermarket chain, which had to close hundreds of stores, to small businesses.
2022: Los Angeles Unified School District
The Los Angeles Unified School District (LAUSD), which serves over 600,000 students across more than 1,000 schools, fell victim to a ransomware attack over the 2022 Labor Day weekend. After discussing response options with the FBI and CISA, LAUSD refused to pay the ransom, stating that the money was budgeted specifically for the children's education and would stay that way. The attacking group, Vice Society, then followed through on its threat and released roughly 500 GB of data containing the personal information of hundreds of thousands of students.
The Shift in Demanded Currency
Ransomware attacks show no signs of slowing down. In the first half of 2021 the average ransom payment was $570,000, up about 83% from the $312,000 reported the previous year. Payment methods have shifted along with the amounts. Early locker and scareware campaigns demanded prepaid vouchers and gift cards, which a victim could buy irreversibly and relay to the attacker as a code. In recent years demands have moved almost entirely to cryptocurrencies such as Bitcoin, Monero and Zcash.
According to Help Net Security, Bitcoin-themed cyberattacks surged 192% since October 2020. Criminal demand for Bitcoin and other cryptocurrencies has grown for two main reasons. First, the price of a single Bitcoin has risen immensely since its introduction in 2009, although it can fall just as quickly at any given moment. Second, cryptocurrencies are decentralized and largely unregulated, so a payment of any size can be received without a bank or card network that could refuse or reverse it. They are not, however, truly anonymous: Bitcoin is pseudonymous, its ledger is public, and blockchain analysis has allowed law enforcement to trace and in some cases seize ransom payments, as happened with part of the Colonial Pipeline ransom. That is one reason some groups now insist on privacy-focused coins such as Monero.
Who Is at Risk of a Ransomware Attack Going Forward?
CSO reports that the short answer is everyone: every business, managed service provider (MSP), enterprise and public body is a target. Large organizations in the government, education and healthcare sectors are at particularly high risk, as the HSE and LAUSD cases above show. Small and medium-sized businesses should also focus on strengthening their cybersecurity; threat actors see them as prime targets because many lack the time, money and staff to put mitigations in place, and, as the Kaseya incident showed, compromising the MSP that serves them reaches all of them at once.
It’s now more important than ever to make sure your endpoints are secure, and that you take the time to invest in cybersecurity solutions that will protect your business.
How You Can Prevent Ransomware Attacks
Unfortunately, there is no single bulletproof solution that stops ransomware from encrypting your machines and stealing your data. There are, however, steps that lower the chances of your business becoming the next victim:
- Protect endpoints, systems and servers with a Zero Trust model: deny by default, allow only known-good applications, and give users and services the least privilege they need
- Patch internet-facing and remote-access systems promptly and require multi-factor authentication on VPN and remote access; a missing patch (WannaCry) and a single password without MFA (Colonial Pipeline) were enough in the cases above
- Educate staff and users on social engineering and the consequences of user error, since a phishing attachment was the entry point in the HSE attack
- Enforce policy-driven application control (allowlisting) so that unknown executables, scripts and dropped payloads cannot run
- Create and rehearse a disaster recovery plan, with offline or immutable backups that are tested regularly, so that recovery never depends on paying
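To make the "deny by default" idea concrete, here is an added example, written for this page and not ThreatLocker's code or any product's actual policy engine, of how a policy-driven application control check can be modelled: a small Python evaluator that allows an executable to run only if the SHA-256 hash of its contents is on an approved list, and that additionally refuses to let an approved office application spawn scripting hosts. The binary contents, hashes, event log, file paths and rule names are all constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of a binary's contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the bytes of known-good binaries. A real inventory
# would hash the actual files of approved builds. The policy keys on content,
# not on file name or path, so a renamed or tampered binary does not match.
KNOWN_GOOD_BINARIES = {
    "explorer.exe":   b"constructed-bytes:explorer",
    "winword.exe":    b"constructed-bytes:winword",
    "powershell.exe": b"constructed-bytes:powershell",
}
APPROVED_HASHES = {sha256_hex(b): name for name, b in KNOWN_GOOD_BINARIES.items()}

# Hypothetical parent/child rule: even approved applications may not launch
# these children. Office macros spawning PowerShell is a classic delivery path.
CHILD_DENY = {
    "winword.exe": {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"},
}


@dataclass
class ExecEvent:
    path: str              # where the executable was found on disk
    contents: bytes        # bytes of the file being launched
    parent: Optional[str]  # approved name of the launching process, if known


def evaluate(event: ExecEvent) -> Tuple[str, str]:
    """Return ('allow' | 'deny', reason). Anything not explicitly approved is denied."""
    digest = sha256_hex(event.contents)
    name = APPROVED_HASHES.get(digest)
    if name is None:
        return "deny", f"{event.path}: hash {digest[:12]}... not on allowlist (default deny)"
    if event.parent and name in CHILD_DENY.get(event.parent, set()):
        return "deny", f"{event.path}: {event.parent} is not permitted to launch {name}"
    return "allow", f"{event.path}: matches approved {name}"


# Constructed execution events, in the shape an endpoint agent might report.
SAMPLE_EVENTS = [
    # User opens Word from the desktop shell
    ExecEvent(r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              KNOWN_GOOD_BINARIES["winword.exe"], parent="explorer.exe"),
    # Phishing payload saved to Downloads and double-clicked
    ExecEvent(r"C:\Users\alice\Downloads\invoice_4471.exe",
              b"constructed-bytes:unknown-dropper", parent="explorer.exe"),
    # Approved PowerShell, but launched by Word (macro) rather than by the user
    ExecEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              KNOWN_GOOD_BINARIES["powershell.exe"], parent="winword.exe"),
    # The same PowerShell launched from the desktop shell is permitted
    ExecEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              KNOWN_GOOD_BINARIES["powershell.exe"], parent="explorer.exe"),
    # Malware masquerading under an approved name and path: the contents differ
    ExecEvent(r"C:\Program Files\Microsoft Office\WINWORD.EXE",
              b"constructed-bytes:trojanised-winword", parent="explorer.exe"),
]


def evaluate_all(events=SAMPLE_EVENTS):
    """Evaluate each event and return the list of allow/deny decisions in order."""
    return [evaluate(e)[0] for e in events]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        decision, reason = evaluate(e)
        print(f"{decision.upper():5} {reason}")
```

Run directly, the script allows the first and fourth events and denies the other three. The point of keying on hashes rather than paths is the last event: a trojanised copy sitting at the real Word path is still blocked, because its contents do not match the approved build.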
ThreatLocker's aim is to provide solutions that proactively defend your organization against countless cyber threats, together with the support your dynamic operations need. Ransomware will continue to rise, but ThreatLocker helps businesses implement a Zero Trust endpoint security solution that reduces the likelihood of compromise and limits the damage when an attack does occur.
Interested in improving your cybersecurity stack and preventing ransomware?