Ransomware surged in 2021 and is showing no signs of slowing down in 2022 due to the continuing pandemic and the conflict in Ukraine.
According to Barracuda Networks’ research, attacks on corporations, including infrastructure, travel, financial services, and other businesses, made up 57 percent of all ransomware attacks, with infrastructure-related businesses accounting for 11 percent of all the attacks. And let’s not forget the supply chain ransomware attacks that made headlines last year.
Learning from others’ mistakes and misfortunes can sometimes be the best defense against a hack.
“I tell all of my clients to stay ‘plugged in’, watch the news, scour Twitter, join associations, and talk to others to see where ransomware attacks are being seen. The best way to defend against an attack can be to see where hackers are targeting,” advises Tony Higgins, a cybersecurity consultant in Boston.
Headline-grabbing breaches of the past 30 days:
- Austin Peay University: End-of-semester exams were derailed, and the ordinarily busy Tennessee campus ground to a halt after the school’s network was frozen due to a ransomware attack. The school reported that students still have access to their meal plans, and payroll had already been processed, so employees were paid on time this week, but final exams were canceled. So, while some students may have cheered, school administrators were left scrambling.
- Kellogg Community College: Meanwhile, in Michigan, classes were stymied when a successful ransomware attack was unleashed. The school issued a statement: “Our investigation is still in its early stages, and we will share updates as soon as we learn more. Out of an abundance of caution, we are initiating a forced password reset for all students, faculty, and staff to secure our network further.”
- Louisville Law Firm: firm, vowing to publish stolen files if not paid. According to reports, extortionists gave Becker Law Office only a few days to respond to their demands, or they would publish files allegedly stolen from the firm.
- The American Dental Association (ADA), which is a dentist and oral hygiene advocacy association providing training, workshops, and courses to its 175,000 members, was hit this weekend by a cyberattack. As a result, portions of their network were shut down during an investigation of the attack.
- Cincinnati Museum Center: One of Cincinnati’s premier tourist destinations was shut down for weeks in March and April as the museum struggled with a ransomware attack. Ticketing systems were offline and kiosk interpretive displays went dark. The attack hit just before the peak spring and summer tourist seasons and cost the center thousands in lost revenue generated by admissions.
- The Works: Hackers hit the British discount stationery and books retailer with ransomware. Some stores in the 500-store chain were forced to shut down as registers and other inventory systems could not be brought back online.
These ransomware attacks are troubling to cybersecurity experts
“What we are seeing is a ransomware epidemic. Numbers show us that ransomware surged in the past year; when numbers come out for this year, I’m betting it’s even higher,” says Higgins.
In the examples in this week’s article, Higgins points out there are common threads that could be studied. Education and healthcare are two primary targets.
“Both are seen as having deep pockets and plenty of attack surfaces, so it is open season for hackers,” Higgins warns. Even museums, such as the Cincinnati Museum Center, are not immune to attacks. They are seen as well-insured and bonded public trusts with deep pockets and a motive to pay a ransom quickly. There is no word in this week’s examples as to whether the ransom was paid.
“Many companies feel compelled to pay to get their businesses back up and running, but the public doesn’t often hear about it. And, frankly, by the time a ransom is paid, irreparable damage has already been suffered,” says Higgins.
The conflict in Ukraine has provided a ripe atmosphere for hackers. Many IT resources are tied up elsewhere and people are sensitive to the war. They might open emails with ransomware payloads disguised as Ukraine’s humanitarian aid efforts.
Higgins advises MSPs to monitor headlines, search for patterns, connect dots, and then harden and fortify defenses where the threats seem more acute.
“While all the traditional defenses shouldn’t be ignored, sometimes the best defense is simply watching the news,” he says.
Everyone is an open target. Just be prepared so that you are not added to the list of victims. Getting the info out there to be aware and make sure people are careful.
Everyone is a target, just have a plan and don’t be the next one on the list.
Ransomware is so frustrating because many people don’t understand what is okay to click on and what is not. It is a constant struggle for companies and MSPs and the only way to protect themselves is through layers of security/protection, but more importantly education.
I appreciate Tony’s observation and suggestion to be aware of the attack patterns in the cyber criminal space. At the same time, it is my belief that everyone must trend to elevating security posture no matter what vertical one is in. The 5 examples shared here represent a very short list of what has likely transpired recently in relation to ransomware events.
It’s unfortunate how many breaches are occurring, but we must learn from them in order to further protect ourselves.
Good suggestion to keep up with current news since breaches are constantly occurring.
Although unfortunate, it is good to be aware of ransomware attacks that are occurring daily.
At present we are not secure on any online platform. Hackers play with your information all the time. They can hack anyone’s information at any moment. So we should make all kinds of accounts more secure.