Author: Nick Nemtuda, Red Five OSINT Analyst
You likely heard about, and may have been affected by, the Colonial Pipeline Company ransomware attack in May 2021, but you are probably unaware of the ransomware attack that targeted Lincoln College later that year, forcing the institution to close in May 2022. This is because after years of ransomware attacks against high-profile targets such as Colonial Pipeline, Sony Motion Pictures, JBS Foods, and Kaseya Limited, cyber criminals are changing their tactics and who they target in order to increase the likelihood that an attack succeeds and to reduce scrutiny. International government coalitions looking at the global threat of ransomware highlighted that recent trends show that criminal enterprises appear to be shifting away from “big game” hunting, as the vast majority of ransomware attacks in 2021 targeted small and medium-sized businesses.
As the threat of ransomware attacks to organizations globally increases, it is important for businesses both big and small to be aware of the risks that ransomware attacks pose and take the necessary steps to ensure their data is protected from such an attack.
Ransomware is a type of malicious software designed to encrypt the data available on the host’s network, according to the Cybersecurity and Infrastructure Security Agency (CISA). Once encrypted, the data is held for ransom and locked until the owner pays a fee to receive the decryption code.
Ransomware poses one of the biggest cyber threats to organizations globally. There is an attempted ransomware attack in the US every 14 seconds, according to CISA statistics. These attacks result in an estimated USD 1 billion or more in ransom payments annually. When the costs associated with data recovery, IT, and loss of business were added in, the total price tag rose to USD 7.5 billion in the United States in 2019 alone.
Historically, hackers have committed high-profile ransomware attacks targeting large businesses and critical infrastructure. For example, cyber criminals targeted Colonial Pipeline Company in a ransomware attack on 6 May 2021, shutting down several of its oil pipelines, stealing over 100 gigabytes of data, and forcing the company to pay a USD 4.4 million ransom. A few years earlier, Sony Motion Pictures was hit with a ransomware attack on 24 November 2014, which resulted in the theft of over 100 terabytes of data, including confidential internal documents such as emails, contracts, and employee personally identifiable information (PII).
However, cybersecurity authorities in both the US and abroad have observed in recent years that hackers have expanded their focus beyond large corporate entities to target smaller businesses. According to the Ransomware Task Force, small businesses were the target of 70 percent of ransomware attacks in 2021. This shift has allowed malicious actors to target companies that can pay a sizable ransom without the negative media and law enforcement attention that is nearly unavoidable with large corporate entities. Recent examples include Cincinnati State Technical and Community College, where cybercriminals gained access to and published sensitive personally identifiable information (SPII) of students and faculty; Heilbronner Stimme, where a ransomware attack forced the company to halt circulation of its newspapers and limited the functionality of its online platform; and the André Mignot Hospital, where cybercriminals forced the hospital to halt operations and demanded a ransom of USD 10 million.
Cybersecurity authorities have assessed that ransomware attacks will persist as long as such attacks remain profitable. While mitigation of the risks posed by ransomware attacks requires long-term investment and continuous monitoring, here are some best practices that companies can implement immediately to protect against such an attack:
- Back up data. Backing up data and storing a hard copy offline drastically mitigates the risk of a crippling ransomware attack.
- Utilize multi-factor authentication (MFA). MFA prevents unwanted entry into a company’s computer networks by forcing any user to authenticate themselves through a predetermined method.
- Ensure operating systems and software are up-to-date. Software providers are constantly monitoring for new threats to their systems and the updates they provide offer protection against emerging threats.
- Pay attention to ransomware events and apply lessons learned. The cyberthreat landscape is constantly evolving. A company not up-to-date on the latest threats is a company at the greatest risk.
- Review and exercise incident response plans. Routine practice of a company’s incident response plan is an investment that could mitigate the risk to the company’s money, time, and reputation.
The best practices listed above are a great start to ensure protection of your network; however, additional steps are required to ensure the highest level of security. Red Five offers several services that can help protect companies from the significant consequences of a ransomware attack, including cyber audits and network technology reviews, dark web monitoring, and business continuity planning.