According to a new report by the Canadian Centre for Cyber Security, global ransomware attacks – where hackers infect a device with malware and demand a ransom to decrypt files – increased by 151 per cent in the first half of 2021 compared to the first half of the previous year.
According to the Centre, 2021 saw the highest ransoms and the highest payouts to date. After a period of rapid growth between 2019 and 2021, known ransom payments have stabilised at around $220,000. However, the global average total cost of recovery from a ransomware incident has more than doubled, increasing from $1.1 million in 2020 to $2.5 million in 2021.
Of the 235 known ransomware incidents against Canadian victims from January 1 to November 16, 2021, more than half affected critical infrastructure providers. However, most ransomware events remain unreported.
“The increased impact and scale of ransomware operations from 2019 to 2021 has been largely fuelled by the growth of the Ransomware-as-a-Service (RaaS) business model, by which developers sell or lease ransomware to other cybercriminals,” states the Cyber Centre report.
“The key reason we’re seeing more ransomware attacks is because they’re successful,” says cybersecurity expert Paul Haskell-Dowland, Associate Dean (Computing and Security) at Edith Cowan University. “What drives ransomware is money, and ransomware has proven to be very lucrative for cybercriminals.”
Haskell-Dowland describes ransomware as the “ultimate weapon”. “If you have a successful deployment of ransomware, an organisation is completely stopped in their tracks and prevented from engaging in any business,” he says. A cyberattack may leave an organisation unable to perform transactions, find records or produce goods, or locked out of invoicing and finance systems, including payroll and HR. “From an organisational perspective, you’re in a difficult situation.”
For this reason, organisations frequently pay up. In May 2021, a cyberattack on Colonial Pipeline Co resulted in a five-day shutdown of the largest gasoline pipeline in the United States. Ransomware targeted the company’s IT systems, leaving it unable to bill users. Colonial Pipeline paid the ransom of 75 bitcoin, or $4.4 million, within hours of the attack. However, the restoration of the pipeline’s operations proved slow, and some states experienced gas shortages and price hikes as a result.
According to the Cyber Centre report, the Colonial Pipeline attack “shows some of the key trends of ransomware in 2021: brazen, sophisticated, increasing in frequency, and, for the cybercriminals, very profitable.”
What to do if your organisation experiences a ransomware attack
“The first step is not to panic,” says Haskell-Dowland. “Often, the responses that people do in panic mode cause more problems than they solve. Take stock of the situation, determine how impacted you are, and what the threat is to your organisation.”
An accurate risk assessment relies on knowing your organisation well, says Haskell-Dowland. “One of the big challenges in cyber is that a lot of organisations don’t know what their assets are – they don’t know what they’ve got and how it’s connected.”
In the event of a live incident, a disaster recovery plan outlining who’s responsible for what is critical to prevent the spread of ransomware through an organisation’s network. “[Have] the right team of people ready to go,” Haskell-Dowland advises.
As always, prevention is better than cure. Implement “standard cyber hygiene” and make sure systems are kept patched and up to date, says Haskell-Dowland. Cybersecurity education and awareness are vital to ensure staff understand their role in an organisation’s cybersecurity defences. “One of the key parts of the equation is the people,” Haskell-Dowland says. “Unfortunately, they are typically the source of incidents in organisations, either deliberately or accidentally.” The best defences “can be destroyed by one person making one silly mistake”.