The frequency of ransomware attacks increased in the second quarter of the year with a big spike in June, according to the IBM Security X-Force Incident Response team.
IBM have stated that ransomware threat actors have been putting a lot of work into updating their tools and methods to counteract the cyber security improvements that companies have been making to either recover from or prevent further ransomware attacks.
Cyber criminal groups have also started to merge their ransomware attacks with data theft and extortion tactics. As part of their strategy, the cyber attackers steal sensitive information from their victim’s computer systems before encrypting them. If the victims refuse to pay for the decryption key (the nature of ransomware attacks), the attackers then threaten to release the stolen information publicly, as well as on the dark web for other cyber criminals to utilise and exploit.
Worringly IBM have indicated that ransomware attacks are affecting manufacturing companies the hardest making up almost 25% of the incidents this year. The professional services sector is the second most targeted industry group making up 17% of ransomware attacks with government organisations in third place with 13%.
The ransomware demands from cyber criminals upon their victims has also increased significantly whereby some have asked victims to pay more than $40 million for decryption keys, whereas a few years ago an average of just $1,200 per attack was demanded.
It is clear that with the rise of the Coronavirus, cyber criminals have been exploiting companies across the world as much as possible and taking advantage of the lack of cyber security procedures companies have in place especially for home workers. The distraction of the pandemic has been a key factor in this. As hard as it is for for the sheer number of businesses trying to survive and treading water financially through the pandemic, companies need to ensure their business has solid cyber security layers in place. These then need to be managed proactively and effectively by a qualified IT Department and with employees trained to understand the mainstream cyber security threats, how to spot them and how to prevent a compromise from occurring.
Especially at this difficult time, preventing a cyber attack and avoiding data and further financial losses as a result of criminal exploits, will mean the difference between your business continuing to trade or simply closing down, regardless of the economic and health impacts already affecting it.