Ransomware surged in 2021 and is showing no signs of slowing down in 2022 due to the continuing pandemic and the conflict in Ukraine.
According to Barracuda Network’s research, attacks on corporations, including infrastructure, travel, financial services, and other businesses, made up 57 percent of all ransomware attacks, with infrastructure-related businesses accounting for 11 percent of all the attacks. And, let’s not forget the supply chain ransomware attacks which made headlines last year.
Learning from others’ mistakes and misfortunes can sometimes be the best defense against a hack.
“I tell all of my clients to stay ‘plugged in’, watch the news, scour Twitter, join associations, and talk to others to see where ransomware attacks are being seen. The best way to defend against an attack can be to see where hackers are targeting,” advises Tony Higgins, a cybersecurity consultant in Boston.
Headline-grabbing breaches of the past 30 days:
- Austin Peay University: End-of-semester exams were derailed, and the ordinarily busy Tennessee campus ground to a halt after the school’s network was frozen due to a ransomware attack. The school reported that students still have access to their meal plans, and payroll had already been processed, so employees were paid on time this week, but final exams were canceled. So, while some students may have cheered, school administrators were left scrambling.
- Kellogg Community College: Meanwhile, in Michigan, classes were stymied when a successful ransomware attack was unleashed. The school issued a statement: “Our investigation is still in its early stages, and we will share updates as soon as we learn more. Out of an abundance of caution, we are initiating a forced password reset for all students, faculty, and staff to secure our network further.”
- Louisville Law Firm: firm, vowing to publish stolen files if not paid. According to reports, extortionists gave Becker Law Office only a few days to respond to their demands, or they would publish files allegedly stolen from the firm.
- The American Dental Association (ADA), which is a dentist and oral hygiene advocacy association providing training, workshops, and courses to its 175,000 members, was hit this weekend by a cyberattack. As a result, portions of their network were shut down during an investigation of the attack.
- Cincinnati Museum Center: One of Cincinnati’s premier tourist destinations was shut down for weeks in March and April as the museum struggled with a ransomware attack. Ticketing systems were offline and kiosk interpretive displays went dark. The attack hit just before the peak spring and summer tourist seasons and cost the center thousands in lost revenue generated by admissions.
- The Works: Hackers hit the British discount stationery and books retailer with ransomware. Some stores in the 500-store chain were forced to shut down as registers and other inventory systems could not be brought back online.
These ransomware attacks are troubling to cybersecurity experts
“What we are seeing is a ransomware epidemic. Numbers show us that ransomware surged in the past year; when numbers come out for this year, I’m betting it’s even higher,” says Higgins.
“Also, keep in mind, the ones making the news are the tip of the iceberg. For every ransomware attack you read about on the news, there are probably 20 more that companies have managed to keep quiet,” he shares.
In the examples in this week’s article, Higgins points out there are common threads that could be studied. Education and healthcare are two primary targets.
“Both are seen as having deep pockets and plenty of attack surfaces, so it is open season for hackers,” Higgins warns. Even museums, such as the Cincinnati Museum Center, are not immune to attacks. They are seen as well-insured and bonded public trusts with deep pockets and a motive to pay a ransom quickly. There is no word in this week’s examples as to whether the ransom was paid.
“Many companies feel compelled to pay to get their businesses back up and running, but the public doesn’t often hear about it. And, frankly, by the time a ransom is paid, irreparable damage has already been suffered,” says Higgins.
The conflict in Ukraine has provided a ripe atmosphere for hackers. Many IT resources are tied up elsewhere and people are sensitive to the war. They might open emails with ransomware payloads disguised as Ukraine’s humanitarian aid efforts.
Higgins advises MSPs to monitor headlines, search for patterns, connect dots, and then harden and fortify defenses where the threats seem more acute.
“While all the traditional defenses shouldn’t be ignored, sometimes the best defense is simply watching the news,” he says.