Check Point researchers issue warning to organizations worldwide against
surging ransomware threats, after conducting a study that revealed a 50% jump
in the daily average of ransomware attacks in the last 3 months alone, compared
to the first half of 2020.
· US ransomware attacks doubled (~98% increase) in the last 3 months, making it the
#1 most targeted country for ransomware, followed by India, Sri Lanka, Russia
and Turkey
· Ryuk ransomware now attacks 20 organizations a week
· Percentage of global healthcare organizations impacted by ransomware doubled. Healthcare
sector is now #1 most attacked industry in the

Security researchers at Check Point conducted a
global study that showed a significant increase in ransomware threat frequency
within the past 3 months. By leveraging their threat intelligence engine,
Threat Cloud, Check Point researchers calculated a number of insights and
observations around the latest global ransomware trends. Threat Cloud is
derived from hundreds of millions of sensors worldwide that are supplemented
with AI-based engines and exclusive research data from Check Point Research.
Key Insights:
· Daily average of ransomware attacks jumped 50% in
last 3 months, compared to 1st half of 2020
· Ryuk ransomware now attacks 20 organizations a week
· Percentage of healthcare organizations impacted by
ransomware globally nearly doubled, making it the #1 most attacked sector in the
· Top 5 countries ranked by the most ransomware
attacks in the last 3 months:
1. US (~98.1% increase)
2. India
3. Sri Lanka
4. Russia
5. Turkey
· Top 5 global industries most impacted by ransomware
threats in the last 3 months
1. Communications
2. Education & Research
3. Government & Military
4. Software vendors
5. Utilities
· Top ransomware types in last 3 months: Maze and
Ryuk
Why Now?
Check Point’s Head of Threat Intelligence, Lotem Finkelsteen, explains:
“Ransomware is breaking records in 2020. Ransomware trends began with the advent of the
coronavirus pandemic, as organizations scrambled to enact remote workforces,
leaving significant gaps in their IT systems. However, the last three months
alone have shown alarming surges of ransomware attacks. The natural follow-up
question is why now? I think some of the primary drivers are:
1. More sophisticated attacks, such as Double Extortion. In this attack
type, hackers first extract large quantities of sensitive information, prior to
encrypting a victim’s databases. Afterwards, attackers will threaten to publish
that information unless ransom demands are paid, placing substantial pressure
on organizations to meet hackers.
2. Willingness to pay. Hackers deliberately choose a ransom price
that targets are more willing to pay. This way, victims of ransomware opt to
simply pay the price, instead of dealing with the headache and time required to
recover their IT systems. Furthermore, targets are more willing to pay in order
to avoid additional stress given the challenging economic times we’re living in
due to coronavirus. Though, this can change once coronavirus is behind us.
Unfortunately, paying the ransom creates a vicious cycle: the more these types
of attacks "succeed", the more frequently they occur.
3. Emotet’s return opens new entry-points. After a five-month absence, Emotet has surged
back to 1st place in the Most Wanted Malware Index, impacting 5% of
organizations globally. Emotet is an advanced, self-propagating and modular
Trojan. It was originally a banking Trojan, but has recently been used as a
distributor of other malware or malicious campaigns. Emotet operations sell
their infected victims' details to ransomware distributors, and because they
are already infected, these victims are vulnerable to more attacks. This makes
ransomware attacks even more "effective" to the attacker since more
infected targets means more entry points for ransomware attacks.
Unfortunately, I suspect ransomware threats to get
far worse as we turn the new year. I strongly urge organizations
everywhere to be extra vigilant.”
How Organizations can protect themselves
· Train your people. Training
and educating users on how to identify and avoid potential ransomware attacks
is crucial. As many of the current cyber-attacks start with a targeted email
that does not even contain malware, but only a socially-engineered message that
encourages the user to click on a malicious link, user education is often considered
one of the most important defenses an organization can deploy.
· Continuously back up your data: Maintaining regular backups of data as a routine
process is a very important practice to prevent losing data, and to be able to
recover it in the event of corruption or disk hardware malfunction. Functional
backups can also help organizations to recover from ransomware attacks.
· Patch your systems:
Patching is a critical component in defending against ransomware attacks, as
cyber-criminals will often look for the latest uncovered exploits in the
patches made available and then target systems that are not yet patched. As
such it is critical that organizations ensure that all systems have the latest
patches applied to them as this reduces the number of potential vulnerabilities
within the business for an attacker to exploit.