Big push: ransomware hacker activity doubled in 2021


Ransomware has become the number one cyber threat for businesses and government agencies


The number of companies facing ransomware hackers in the first four months of 2021 has more than doubled compared with the first half of 2020, according to Check Point Research, an Israeli company. Ransomware has now become the number one cyber threat for businesses and government agencies, experts interviewed by Izvestia agree. The activity of ransomware hackers turned out to be much higher than expected, the experts say, and they predict that the problem will spread to Russia and the CIS.

According to Check Point Research (CPR), 102% more companies encountered ransomware in the first four months of 2021 than in the first half of 2020. These are programs that, once they get onto a computer, encrypt all of its data and demand a ransom for the decryption key. The study's authors called the surge "overwhelming." Since the beginning of April, experts have observed ransomware attacks on more than 1,000 organizations every week. For comparison, at the end of the first quarter of 2020 this figure was below 600.

So far, there is no reason to expect the number of attacks to decrease, said Sergey Zabula, head of the group of systems engineers working with partners at Check Point Software Technologies in Russia. According to him, a 100% increase in the number of incidents can be observed at the end of 2021.

- Attackers will continue to invent new, more sophisticated attacks in order to grow their business and steal large amounts of money. And if companies do not pay special attention to training their employees and increasing the level of cybersecurity of the organization as a whole, the amount of damage will grow, the specialist said.

The popularity of ransomware is growing due to an increase in the proportion of employees who work from unprotected mobile devices, delays in installing the latest updates that fix known vulnerabilities, and COVID-19-themed phishing, Sergey Zabula believes.


The current activity of ransomware hackers is higher than information security experts expected at the end of last year and the beginning of this year, noted Oleg Skulkin, a leading specialist at the Group-IB computer forensics laboratory. According to him, ransomware has now become the number one cyber threat for both business and government agencies.

“One of the driving forces behind the phenomenal growth of ransomware has been the Ransomware-as-a-Service model. Its meaning lies in the fact that developers sell or rent their malware to partners for further compromising the network, infecting and deploying ransomware,” said Oleg Skulkin.

The most vulnerable to phishing emails are sales staff, who trust fraudulent messages in 68% of cases

ESET data also point to a twofold increase in the number of ransomware incidents in 2021, Vitaly Zemskikh, CTO of the company in Russia and the CIS, told Izvestia. According to him, the trend is growing because many organizations neglect information security.

Another reason for the method's popularity is that ransomware is one of the clearest ways for hackers to monetize their efforts, added Dmitry Galov, cybersecurity expert at Kaspersky Lab.

Hot Spots

Ransomware hackers are most commonly encountered in healthcare, with an average of 109 attacks per week per organization, according to CPR data. In second place is the utilities sector with 59 incidents. Rounding out the top three is the insurance and legal services sector, with 34 attacks per week per company.

By country, hackers most often attacked organizations in India: on average 203 times a week (again, this is the rate per company). Also in the top 5, according to CPR, were Argentina (104 cases), Chile (103), France (61) and Taiwan (50). Russia is at the bottom of the list with 1.9 incidents per company per week.

ESET pointed out that in 2020 it noticed a growing interest of attackers in small and medium businesses.

“Unlike large enterprises, small companies have a shortage of personnel to deal with cyber risks: budgets for information security are limited, and there is often no understanding of how to defend against cyber attacks,” explained Vitaly Zemskikh.

Due to the pandemic, sellers in a hurry created online stores with weak protection

In general, hackers do not care what industry a potential victim belongs to; the main criterion is solvency, Group-IB stressed.

According to the company's statistics, organizations in the industrial and retail sectors are most often affected by ransomware. In terms of geography, according to Group-IB, cybercriminals are more likely to target the United States, Europe, the Americas (excluding the United States), and Asia. However, the activities of extortionists began to appear in Russia as well, Oleg Skulkin noted.

- It is predicted that in 2021 a wave of ransomware will affect Russian business and enter the CIS. For example, attacks by the OldGremlin group (a Russian-speaking group that last year attacked Russian banks, industrial enterprises, medical organizations and software developers - Izvestia) have already been recorded in the Russian Federation, the expert said.

New tricks

The CPR report also highlighted new tricks used by ransomware hackers. In the past, the double extortion technique has proven itself among cybercriminals: the victim was blackmailed not only with the prospect of complete data loss, but also with the publication of the stolen information. Now researchers have recorded a trend of triple extortion.

“In essence, this is an extension of the double extortion method associated with the emergence of an additional unique threat,” said Sergey Zabula.


As an example, the expert cited an attack on Vastaamo, a large psychotherapy clinic in Finland, in October 2020. Cybercriminals blackmailed not only the medical organization but also its clients with the disclosure of data. In February of this year, the REvil group tried an additional method of pressure. It has already added two stages to its double extortion scheme: DDoS attacks (a type of attack aimed at disabling a company's servers by flooding them with requests) and phone calls to business partners, company employees and the media.