Ransomware has had a tremendous impact on businesses and individuals around the world. It targets companies of all sizes and exploits the weaknesses in their IT systems. It is important to understand the existing ransomware trends to know how to fight ransomware efficiently.
Cybersecurity experts at SpinOne study ransomware especially precisely. One of our products, SpinSecurity, is a unique tool that helps stop ransomware in cloud office early on. Thereby it minimizes the downtime for any business by 99% and cuts down the negative consequences of a ransomware attack. To continue improve our solution and keep it up to day, we follow all the major ransomware trends. In the present article, we share our most recent findings along with vital takeaways for businesses.
Get AI-driven Ransomware Protection for Google Workspace and Office 365Use SpinOne
Table of Contents
Ransomware Trends 2022
Ransomware is constantly changing, as well as its impact on the world. That’s why being up-to-date is vital for being safe from ransomware. Let’s take a look at the most recent trends.
1. Ransomware impact continues to grow
We’ve seen a significant growth in every ransomware stat over the course of 2020-2021:
- the number of ransomware incidents – 62% (over first 6 months of 2021)
- the quantity of ransom demands – 225% (in 2020)
- the average ransom demand – 518% (from $850K in 2020 to $50M 2021)
- the average ransom payment – 120% (from $312K in 2020 to $570K in 2021)
- the total cost of attacks on businesses worldwide per year – is up to approximately $20B in 2021
- the average downtime due to ransomware has increased from 14 days in 2019 to 21 days in 2021
- The increasing digitization of businesses
- Global remote work practices due to pandemics
- Insufficient budgeting of IT security teams
- For many companies it is easier to pay ransom than to search for decryption keys and let authorities investigate
- Growth of cyber-criminals and cyber-criminal groups using ransomware
- Ransomware-as-a-service is cheap ($40) and easy to purchase on DarkNet
- Ransomware doesn’t require special technical skills to carry out the attack
- Low risks of being captured for criminals many of whom get support and protection from their home country
- Cryptocurrencies make ransom payments easy and unracable.
Takeaways for businesses:
With the constant increase in the number of ransomware attacks, the likelihood of being hit by this type of ransomware for a single business is constantly growing.
2. Most attacks are generic
When we talk about ransomware, most people think about criminals who would learn everything about your company to fetch a very individual email from another employee or CEO of your company (technique called spearphishing). Despite the fact that it is more efficient, most ransomware attacks aren’t targeted or sophisticated. SpinOne cybersecurity experts think that many cybercriminals deliberately add mistakes in their phishing emails. They do it to sift attentive employees as well as people who tend to be suspicious about emails.
- Targeted attacks require more resources
- Non-sophisticated attacks still work great due to multiple human factors
Takeaways for businesses:
Though training of employees is necessary, it is not enough. Companies need additional layers of protection against ransomware. These are backups, decryption solutions and tools that are able to stop ransomware in action.
3. Double & Triple Extortion
One of the latest trends in ransomware world is double and triple extortion. Double extortion means that cybercriminals first steal the business’ data and only then encrypt its file system. In triple extortion, they additionally use DDoS attack.
As a result criminals would profiteer not only from the ransom they demand but also from the exploitation of the stolen information. There are several ways the data can be used. First, the criminals can demand ransom for the data from the individuals (e.g. customers or employees of the attacked company). Second, they can sell the information on dark web to other criminals.
Needless to say, the impact of double or triple extortion is more devastating to the company, its employees, partners, and clients. According to cybersecurity experts, the greatest share of the cost of a ransomware attack for a business is operation interruption and recovery.
- Ransomware is constantly evolving
- The use of backups by many companies cause cybercriminals search for the new ways to exploit the malware.
Takeaways for businesses:
A ransomware attack results in enormous money and reputation losses and even bankruptcy. With the increase of negative consequences of a single ransomware attack, the necessity to prevent it grows. The search for a tool like SpinSecurity that is able to decrease the downtime significantly becomes the key goal.
4. Supply chains as a new target
There are two types of supply chains that are lucrative to cybercriminals:
- Physical infrastructure.
These companies have large budgets and have nationwide significance. For example, Colonial Pipeline was hit by ransomware. As a result, the US had severe problems with oil supplies for about a week. Attacks on physical infrastructure can be sponsored by governments.
- Applications and software products
These companies are most interesting due to their clients. Criminals would look for vulnerabilities in their software product to infect individual and corporate users with ransomware and demand ransom from them.
- Exploiting supply chains can give access to hundreds or even thousands victims at once.
Takeaways for businesses:
Businesses need tools that will not only protect them from ransomware but also enable control the access of applications to their critical IT systems.
5. Cloud SaaS Ransomware
Modern strains of ransomware can target cloud SaaS data in addition to the on-premise systems. Cybercriminals exploit OAuth to gain access to corporate Google Workspace, Office 365, or Salesforce. They encrypt files and their previous versions preventing companies from using their corporate data.
- Ransomware is a multi-billion business needs to increase their revenue by finding new channels
- Active cloud SaaS adoption by businesses, partially due to Covid-19.
Takeaways for business:
Businesses need special tools that protect their data stored in Office 365 or Google Workspace.
What Is The Best Way to Resolve A Ransomware Threat?
According to Michael Daum, Senior Cyber Underwriter at AGCS, in 80% of ransomware incidents, losses could have been minimized. He claims that companies didn’t have proper cybersecurity practices at hand.
We suggest some basic rules of ransomware protection:
- Educate your employees.
- Audit applications that have access to your IT system and use whitelists.
- Update your cybersecurity software regularly.
- Check the new hardware.
- Give access to system settings and vital data only to trusted users.
- Monitor suspicious data and user behavior.
- Back up your data.
- Create ransomware incident response plan.
- Use automation tools to carry out the above-mentioned tasks.
SpinOne Is The Best Protection Against Ransomware
- Provides the shortest downtime on market – up to 1 hour.
- Analyzes data behavior in your cloud office.
- Detects ransomware within minutes after attack onset.
- Terminates the attack immediately.
- Granularly restores data from the backup.
- Up to 3 automated daily backups.
- Safe data storage in Azure, GCP, or AWS.
- At-rest and in-flight data encryption to keep your data secure in both storage and transit.
- Indefinite data retention.
- Reports to monitor the status of your protected data
- Point-in-time restore to give you a variety of versions to restore from.
- 100% accurate recovery using the same folders hierarchy from any point in time
- …And much more.