
Ransomware accounts for nearly 50% of security events: Kaspersky

Almost 50% of all the incident responses by Kaspersky’s Global Response Emergency Team from January to November 2021 were related to ransomware.

Kaspersky, a leading cybersecurity firm, has announced that almost 50% of all the incident responses by its Global Response Emergency Team from January to November 2021 were related to ransomware.

Ransomware on the rise

Kaspersky’s Global Response Emergency Team (GERT) is called in by companies after a security breach to conduct what is known as incident response (IR): limiting the damage and preventing the attack from spreading. From January to November 2021, nearly every second security incident handled by GERT was connected to ransomware (nearly 50% of all IR requests), an increase of nearly 12 percentage points compared to 2020.

In terms of cybersecurity, ransomware is currently the largest threat to organizations and governments, taking down gas pipelines and health services. Ransomware operators have refined their arsenal, focusing on fewer attacks against large-scale organizations, and an entire underground ecosystem has appeared to support ransomware gangs’ efforts.

In the first 11 months of 2021, the share of ransomware-related IR requests processed by Kaspersky’s GERT was 46.7%, a jump from 37.9% for all of 2020 and 34% for 2019.

Government services targeted

The most common targets were in the government and industrial sectors; attacks against those two industries comprised nearly 50% of all ransomware-related IR requests in 2021. Other popular targets included IT and financial institutions.

As ransomware operators have shifted to bigger ransom demands and more high-profile targets, politicians and law enforcement agencies have been responding, making efficiency of attacks critical. This has resulted in two trends. Firstly, ransomware gangs are likely to construct Linux builds of ransomware to maximize their attack surface; this is something that has already been seen with groups like RansomExx and DarkSide. Secondly, ransomware operators will start to focus more on “financial blackmail”. This is when operators threaten to leak critical information about companies when they are undergoing critical financial events to undervalue their stock prices. When companies are in such a vulnerable financial state, they are more likely to pay the ransom.

Ambitious operations

“We began talking about so-called Ransomware 2.0 in 2020, and what we’ve been seeing in 2021 is this new era of ransomware coming into full force. Ransomware operators aren’t just encrypting data; they’re stealing it from critical, large-scale targets and threatening to expose the information if the victims don’t pay. And Ransomware 2.0 is going anywhere in the coming year,” said Vladimir Kuskov, Head of Threat Exploration at Kaspersky.

“At the same time, now that are is in the headlines, law enforcement agencies are working hard to bring prolific groups down—which is what happened with DarkSide and REvil this year. These gangs’ lifecycles are being compressed, and that means they’re going to have to refine their tactics in 2022 to remain profitable, especially if some governments make paying ransoms illegal—which is being discussed,” added Fedor Sinitsyn, security expert at Kaspersky.

Recommendations

Kaspersky recommends taking the following steps to defend against ransomware:

  • Do not expose remote desktop services (such as RDP) to public networks unless absolutely necessary and always use strong passwords for them.
  • Promptly install available patches for commercial VPN solutions providing access for remote employees and acting as gateways in your network.
  • Always keep software updated on all the devices you use to prevent ransomware from exploiting vulnerabilities.
  • Focus your defense strategy on detecting lateral movements and data exfiltration to the Internet. Pay special attention to the outgoing traffic to detect cybercriminals’ connections.
  • Back up data regularly. Make sure you can quickly access it in an emergency when needed.
  • Use threat intelligence information to stay up to date on new threats.
  • Use solutions like Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response service which help to identify and stop an attack at its early stages, before attackers reach their final goals.
  • Train employees on how to identify a potential threat and how to respond to it. A free lesson on how to protect against ransomware attacks is available here.
  • Use a reliable endpoint security solution that is powered by exploit prevention, behaviour detection and a remediation engine that is able to roll back malicious actions.

On an individual level, Kaspersky recently highlighted the dangers of criminals targeting users of streaming apps.