Ransomware Threat Surge, Ryuk Attacks About 20 Orgs Per Week
Malware researchers monitoring ransomware threats noticed a sharp increase in these attacks over the past months compared to the first six months of 2020.
At the top of the list are Maze, Ryuk, and REvil (Sodinokibi) ransomware families, according to recently published data from Check Point and IBM Security X-Force Incident Response team.
Both companies observed a surge in ransomware incidents at a global level between June and September, with some threats being more active than others.
Healthcare sector under attack
Data from Check Point referring to the third quarter of the year shows that Maze and Ryuk were the most prevalent ransomware families, with the latter attacking, on average, 20 companies per week.
According to a report from Check Point today, Ryuk increased its activity in July and focused mostly on healthcare organizations, which are already under heavy stress from the pandemic and can’t afford to have their systems down.
The company says that ransomware attacks increased by 50% at a global level in the third quarter of 2020 and that Ryuk and Maze were the most prevalent threats. In the U.S., these attacks almost doubled in the third quarter, placing the country high among the top five most affected countries in Q3:
- U.S. (98.1% increase)
- India (39.2% increase)
- Sri Lanka (436% increase)
- Russia (57.9% increase)
- Turkey (32.5% increase)
Based on data from incident response engagements, IBM notes that ransomware threats “appeared to explode in June 2020,” when they dealt with a third of all such events recorded up to September.
In late September, the company reported that Maze accounted for 12% of all the ransomware attacks its X-Force Incident Response team investigated this year.
The most prevalent ransomware strain IBM’s task force encountered, though, was Sodinokibi (REvil), seen in 29% of the incidents they investigated in 2020.
As per IBM’s analysis, REvil claims more than 140 victims in wholesale, manufacturing, and professional services, most of them from the U.S. The company estimates that 36% of them paid the ransom demand.
With requests between $1,500 and $42 million, IBM believes that the REvil ransomware group netted a profit of at least $81 million this year.
The third most prevalent ransomware IBM saw in 2020 is EKANS (Snake) – responsible for 6% of the incidents – which can kill processes related to industrial control system (ICS) operations.
Ransomware attacks have been so profitable for cybercriminals that there is almost no chance of this threat disappearing any time soon, especially with evolved tactics (stealing data and leaking or selling it on the dark web) designed to force a ransom payment.
Continuous data backups stored offline are still a good practice that can ensure faster recovery from such an attack, as are applying security updates in a timely fashion and restricting or disabling remote access to the company’s internal network.