Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Global ransomware attacks skyrocketed in past 3 months: Check Point Research

October 2020 by check point

Security researchers at Check Point have conducted a global study that showed significant increases in ransomware attack frequency during the past 3 months. Their data shows:

• Daily global average of ransomware attacks jumped 50% in last 3 months, compared to 1st half of 2020
• Ryuk ransomware now attacks 20 organizations a week
• Percentage of global healthcare organizations impacted by ransomware double. Healthcare sector is now #1 most attacked industry in the US
• The top 5 countries ranked by the most ransomware attacks in the last 3 months:

1. US (98.1% increase)
2. India (39.2% increase)
3. Sri Lanka (436% increase)
4. Russia (57.9% increase)
5. Turkey (32.5% increase)

• Top 5 global industries most impacted by ransomware threats in the last 3 months

1. Communications
2. Education & Research
3. Government & Military
4. Software vendors
5. Utilities

• Top ransomware types in last 3 months: Maze and Ryuk

Check Point’s Head of Threat Intelligence, Lotem Finkelsteen said:: “Ransomware is breaking records in 2020. The increase in ransomware attacks began with the advent of the coronavirus pandemic, as organizations scrambled to enact remote workforces, leaving significant gaps in their IT systems. However, the last three months alone have shown alarming surges in ransomware attacks, and I suspect the ransomware threat to get far more worse as we approach the new year. I strongly urge organizations everywhere to be extra vigilant.”

According to Finkelsteen, the main drivers behind the surge in attacks are:

1. More sophisticated attacks, such as Double Extortion. In this attack type, hackers first extract large quantities of sensitive information, prior to encrypting a victim’s databases. Afterwards, attackers will threaten to publish that information unless ransom demands are paid, placing substantial pressure on organizations to meet hackers.
2. Willingness to pay. Hackers deliberately choose a ransom price that targets are more willing to pay. This way, victims of ransomware opt to simply pay the price, instead of dealing with the headache and time required to recover their IT systems. Furthermore, targets are more willing to pay in order to avoid additional stress given the challenging economic times we’re living in due to coronavirus. Though, this can change once coronavirus is behind us. Unfortunately, paying the ransom creates a vicious cycle: the more these type of attacks "succeed", the more frequently they occur.
3. Emotet’s return opens new entry-points. After a five-month absence, Emotet has surged back to 1st place in Check Point’s Most Wanted Malware Index, impacting 5% of organizations globally. Emotet is an advanced, self-propagating and modular Trojan. It was originally a banking Trojan, but has recently been used as a distributor of other malware or malicious campaigns. Emotet operations sell their infected victim’s details to ransomware distributers, and because they are already infected, these victims are vulnerable to more attacks. This makes ransomware attacks even more "effective" to the attacker since more infected targets means more entry points for ransomware attacks.

How Organizations can Protect themselves

• Train employees. Training and educating users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted email that does not even contain malware, but only a socially-engineered message that encourages the user to click on a malicious link, user education is often considered as one of the most important defenses an organization can deploy.
• Continuously backup your data : Maintaining regular backups of data as a routine process is a very important practice to prevent losing data, and to be able to recover it in the event of corruption or disk hardware malfunction. Functional backups can also help organizations to recover from ransomware attacks.
• Patch your systems: Patching is a critical component in defending against ransomware attacks, as cyber-criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. As such it is critical that organizations ensure that all systems have the latest patches applied to them as this reduces the number of potential vulnerabilities within the business for an attacker to exploit.

By leveraging their global threat intelligence engine, ThreatCloud, Check Point researchers calculated a number of insights and observations around the latest global ransomware trends. Threat Cloud is derived from hundreds of millions of sensors worldwide that are supplemented with AI-based engines and exclusive research data from Check Point Research.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts