The Rise of Targeted Ransomware Attacks

When we said last year that ransomware is here to stay, we weren’t alone. In fact, the McAfee Labs 2020 Threat Prediction report lists targeted ransomware attacks among the things to fear most this year.

We predicted this based on the many attacks that we saw pop up across the globe. Ransomware has not only stayed; it has grown by leaps and bounds. In early 2019, the average ransom demanded was $40,000, and by December it had gone up to $86,000.

Ransomware attacks had already started to become more targeted in 2019, and we expect that trend to continue into 2020. While the overall number of attacks has fallen, the sophistication and focus of ransomware attacks have changed to extract the maximum possible monetary gain out of a single attack. In August 2019, the Sodinokibi ransomware struck Texas, where 22 municipalities were held to ransom for $2.5 million. Targeted ransomware attacks are designed to strike at enterprises and public service entities that stand to lose the most from data loss, and that are also willing to bite the bullet and pay the ransom.

Threat actors have realized that ransomware, which has plagued organizations and individuals alike for over three decades now, can be exploited for even greater profit. This malicious idea of targeting individual organizations and sectors gave rise to “Big game hunting”, the term used to describe targeted ransomware. And that is exactly what Ryuk, ransomware named after an anime character, the ‘god of death’, went for: the “Big Game”. Ryuk is a silent attack that drills deep into systems and spreads across networks. Targeting only enterprise environments, and netting over 705.80 in bitcoin since its emergence in August 2019, it has most certainly left its mark. As late as January 2020, Ryuk was making headlines for strategically targeting oil and gas companies. Ransomware like Ryuk can spread across control systems, computer servers, or a network of factory facilities, halting processes and increasing delays. All it takes is a single, innocent click from an unsuspecting employee on a spear-phishing email.

Another ransomware example is the recent attack on the healthcare sector. Due to a ransomware attack on November 5, 2019, The Cancer Center of Hawaii in Oahu was forced to shut down its network servers, which rendered it temporarily unable to provide radiation therapy to patients at Pali Momi Medical Center and St. Francis’ hospital in Liliha. Healthcare records contain many sensitive details about a patient, which could be misused by threat actors. Downtime at healthcare centers also means patients do not receive critical care when they need it.

Ransomware attacks are getting more sophisticated and costing enterprises more by the day. Government agencies are now being advised to refrain from paying the ransom in the event of an attack. In fact, in a recent development, senators in the State of New York proposed a bill to ban local municipalities and other government entities from using taxpayer money to pay ransomware demands.

The increased sophistication of attacks such as these means that a ransomware incident can no longer be considered a mild infection that can be contained quickly. The number and intensity of attacks in 2019 cement our belief that ransomware authors are intentionally targeting businesses that they view as vulnerable and more likely to capitulate and pay the ransom. In addition to rendering critical data inaccessible, ransomware strains now come with the ability to identify and encrypt network drives, as well as delete backup copies on endpoint systems. Attackers have also been known to disable the Windows System Restore option for users, making it impossible to recover from the attack without external backups.

The case for a sound endpoint backup strategy has never been stronger. A secure backup goes a long way toward restoring data quickly in case of an attack. A backup with an “air gap”, one that sits outside your network, is the ideal strategy: because it is difficult for ransomware to reach, it stays insulated from even the most contagious attacks. When you’re defending your business from unforeseen circumstances, remember that data backup is the kind of “must-have” insurance for your data that goes a long way in covering your back.