New data based on tracked, publicly-confirmed ransomware attacks shows that downtime – and the associated cost – is increasing at an alarming rate as nearly half of attacks see a ransom paid.
Taking a look back at last year provides some unique insight into the current state of ransomware attacks. We know that the cybercriminal gangs who create the malware are seeing their efforts as a legitimate business, seeking to increase “revenues” each year. So, by looking at how the state of the attack has changed year over year – something covered by Comparitech’s analysis of ransomware attacks in 2021, we can make some predictions about the future.
There are some notable increases seen in the data they provide:
- The total estimated cost of downtime in the U.S. in 2021 was $159.4 Billion – a 12% rise from 2020
- The average downtime duration is 22 days – a 23% increase from 2020
- Ransom amounts ranged from $5,500 to $40 million (in two cases!)
But there are also some equally notable decreases
- The number of individual records was down 32% in 2021 from 2020
- The number of individual ransomware attacks was down 7% from 2020
Put this all together and there are some educated assumptions that can be made:
- Ransomware gangs are getting better at gaining access to and moving laterally across victim networks, giving them access to more of the environment to encrypt (resulting in longer downtime).
- There is less focus on record-based data (e.g., customer records), as ransomware gangs shift to simply exfiltrate and extort the ransom by threatening to publish the data, using encryption to ensure victims take notice.
- Ransomware attacks are becoming more targeted, with specific industries and companies in the line of sight.
With the very real threat of both encryption of your environment, as well as data theft and extortion putting every organization at risk, it’s critical to look at the core initial attack vectors. Phishing has continued to dominate over the last 3 years as a primary entry point for ransomware attacks, so organizations need to shore up any risk of users receiving and interacting with malicious web and email content. Security Awareness Training aids in reducing the risk of successful initial attack by educating users about the dangers found and the methods used in these types of email- and web-based attacks.