The evolution of ransomware attacks

22 February 2022

Ransomware attacks, data breaches and IT outages worry companies worldwide more than business and supply chain disruptions (2nd) or natural disasters (3rd), according to the Allianz Risk Barometer 2022.

In Austria, critical infrastructure failures rank third among the most feared risks, behind cyber threats and business interruptions. The biggest climber is the shortage of skilled workers. Worldwide, fear of the pandemic's effects is decreasing the longer the pandemic lasts.[1]

Cybercrime on the rise

The police crime statistics show significant increases in the area of cybercrime. With 46,000 reports, Austria reached a new high in 2021, an increase of one third compared to 2020.[2]

Companies still consider ransomware to be the biggest threat. The immense dependence on digital communication makes businesses vulnerable. The improvement of cyber security as a central topic of corporate management is supposed to provide a remedy, but there is uncertainty about concrete measures. An aspect often mentioned is the improvement of business continuity management within the company.

New ransomware trends

The AGCS (Allianz Global Corporate & Specialty) cyber report divides ransomware trends into four themes and describes them as incremental changes[3]:

  • Attacks on supply chains: Suppliers are exploited as a gateway and attack vector. Alternatively, physical supply chains or critical infrastructure are attacked directly.
  • More pressure: Additional threats, e.g. the publication of sensitive data, are meant to increase the motivation to pay the ransom.
  • Ransomware as a service: Criminals sell or rent their ransomware tools and processes, topped off with additional support services.
  • Rising ransom demands: The amounts demanded are rising sharply: in the USA, from more than 5 million US dollars to five times that amount within one year.

Law enforcement agencies advise against paying ransoms. Attacks should not be further encouraged. Nor is payment a guarantee of successful recovery. Reconstructing the systems to a known and, above all, trustworthy state is an undertaking that should not be underestimated. Help from experts is usually worthwhile.

Recommendations and countermeasures

Cyberattacks can affect anyone, from large corporations to SMEs to private individuals. A heightened awareness and active preventive measures help to minimise the risk. These include regular patches and updates, multi-factor authentication, employee training on information security and efficient crisis planning. A good start is to review the current backup strategy.

Guideline:

Ransomware attacks: Do’s and Don’ts

Worth reading:

Beware of Bad USB Attacks: New ransomware campaigns come via stick

Behavioural analytics, anomaly detection and visibility: additional protection against ransomware

Trending topics: Crypto currencies, 5G and zero-day exploits
