April 12, 2022 • 10 mins
Welcome and thank you for listening to our first episode of Technology Simplified – Tech Talk Everyone Can Understand. In this episode Will Slappey & Scott Curtis discussed current trends in ransomware, how it could affect your business, & some ways to protect yourself and recover in the event of a ransomware attack.
Check out the IT Voice website here:
https://www.itvoice.com/
Follow us on social media:
https://www.facebook.com/itvoicesolutions
https://www.linkedin.com/company/itvoice
https://www.youtube.com/channel/UCjqIcrCfbpSkr6UOTlPBngw
Ransomware trends in 2021 and 2022
•A few key ransomware trends emerged over the course of 2021 and will likely continue into 2022. Attackers realized that certain techniques yield better results and focused on those approaches. Here were some of the primary trends for ransomware in 2021:
•Supply chain attacks. Instead of attacking a single victim, supply chain attacks extended the blast radius. A prime example of a 2021 ransomware attack is the Solar Winds attack, which affected at least 18,000 of customers using their Orion software.
•Double extortion. In the past, ransomware was about attackers encrypting information found on a system and then demanding a ransom in exchange for a decryption key. With double extortion, attackers also exfiltrate the data to a separate location. There, it can be used for other purposes, including leaking the information to a public website if a payment is not received.
•Ransomware as a service (RaaS). Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities. RaaS is a pay-for-use malware. It enables attackers to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.
•Attacking unpatched systems. This was not a new trend for 2021, but it is one that continues to be an issue year after year. While there are ransomware attacks that do make use of novel zero-day vulnerabilities, most continue to abuse known vulnerabilities on unpatched systems.
•Phishing. While ransomware attacks can infect organizations in different ways, in 2021, some form of phishing email was more often than not a root cause.
Ransomware statistics for 2021 and 2022
The statistics listed below provide insight into the breadth and growing scale of ransomware threats:
•Ransomware is part of 10% of all breaches. It doubled in frequency in 2021, according to the 2021 "Verizon Data Breach Investigations Report."
•Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study."
•The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
•The Cybersecurity and Infrastructure Security Agency reported in February 2022 that it is aware of ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.
•Since 2020, there have been more than 130 different ransomware strains detected, according to VirusTotal's "Ransomware in a Global Context" report:
oThe GandCrab ransomware family was the most prevalent at 78.5% of all samples it received, according to VirusTotal.
oNinety-five percent of all the ransomware samples are Windows-based executable files -- or dynamic link libraries -- according
Check out the IT Voice website here:
https://www.itvoice.com/
Follow us on social media:
https://www.facebook.com/itvoicesolutions
https://www.linkedin.com/company/itvoice
https://www.youtube.com/channel/UCjqIcrCfbpSkr6UOTlPBngw
Ransomware trends in 2021 and 2022
•A few key ransomware trends emerged over the course of 2021 and will likely continue into 2022. Attackers realized that certain techniques yield better results and focused on those approaches. Here were some of the primary trends for ransomware in 2021:
•Supply chain attacks. Instead of attacking a single victim, supply chain attacks extended the blast radius. A prime example of a 2021 ransomware attack is the Solar Winds attack, which affected at least 18,000 of customers using their Orion software.
•Double extortion. In the past, ransomware was about attackers encrypting information found on a system and then demanding a ransom in exchange for a decryption key. With double extortion, attackers also exfiltrate the data to a separate location. There, it can be used for other purposes, including leaking the information to a public website if a payment is not received.
•Ransomware as a service (RaaS). Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities. RaaS is a pay-for-use malware. It enables attackers to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.
•Attacking unpatched systems. This was not a new trend for 2021, but it is one that continues to be an issue year after year. While there are ransomware attacks that do make use of novel zero-day vulnerabilities, most continue to abuse known vulnerabilities on unpatched systems.
•Phishing. While ransomware attacks can infect organizations in different ways, in 2021, some form of phishing email was more often than not a root cause.
Ransomware statistics for 2021 and 2022
The statistics listed below provide insight into the breadth and growing scale of ransomware threats:
•Ransomware is part of 10% of all breaches. It doubled in frequency in 2021, according to the 2021 "Verizon Data Breach Investigations Report."
•Approximately 37% of global organizations said they were the victim of some form of ransomware attack in 2021, according to IDC's "2021 Ransomware Study."
•The FBI's Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021. This represents a 62% year-over-year increase.
•The Cybersecurity and Infrastructure Security Agency reported in February 2022 that it is aware of ransomware incidents against 14 of the 16 U.S. critical infrastructure sectors.
•Since 2020, there have been more than 130 different ransomware strains detected, according to VirusTotal's "Ransomware in a Global Context" report:
oThe GandCrab ransomware family was the most prevalent at 78.5% of all samples it received, according to VirusTotal.
oNinety-five percent of all the ransomware samples are Windows-based executable files -- or dynamic link libraries -- according
Mark as Played
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Death, Sex & Money
Anna Sale explores the big questions and hard choices that are often left out of polite conversation.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.