The first step in taking on ransomware is assuming that you will be victimised – it ’ s just a matter of when .
• Infrastructure-related businesses account for 10 % of all the attacks the company studied .
• The ransom amount is increasing dramatically and now the average ransom ask per incident is over US $ 10 million . A total of 8 % of the incidents had a ransom ask less than US $ 10 million and 14 % of the incidents had a ransom ask greater than US $ 30 million . and demand payment in exchange for a promise to not publish or sell the data to other criminals . Since criminals cannot be trusted , victims who pay are often contacted several months later and asked for another payment to keep the stolen data secret . Some ransomware criminals will accept payment but sell the data anyway .
Ransomware attacks are becoming pervasive across the globe . Just under half ( 44 %) of the attacks in the past 12 months hit US organizations . In comparison , 30 % of the incidents happened in EMEA , 11 % were in Asia Pacific countries , 10 % were in South America and 8 % were in Canada and Mexico .
Barracuda researchers identified and analyzed 121 ransomware incidents that occurred between August 2020 and July 2021 and saw a 64 % increase in attacks , year over year .
Cybercriminals are still heavily targeting municipalities , health care and education but attacks on other businesses are surging :
Ransomware attack patterns are evolving as well .
Fleming Shi , CTO , Barracuda , said : “ Attackers often start with small organisations that are connected to the larger targets and then work their way up . All of us in the security industry have an obligation to turn sophisticated technology into products and services that can be easily consumed by customers .”
• Attacks on corporations , such as infrastructure , travel , financial services and other businesses made up 57 % of all ransomware attacks between August 2020 and July 2021 , up from just 18 % in the 2020 study .
Instead of simply relying on malicious links and attachments to deliver ransomware , cybercriminals are leveling up their tactics .
First , attackers will find ways to steal credentials through phishing attacks and then they will use the stolen credentials to challenge the web applications used by the victim . Once the application has been compromised , the attacker can introduce ransomware and other malware into the system . This can go on to infect your network as well as users of your application .
It ’ s important to note that web applications have many forms , including those enabling users to work from home . A web portal for a segment of your IT infrastructure is just as dangerous as a full-blown SaaS application . On multiple occasions in the past year , attackers exploited an application vulnerability to gain control of the application infrastructure and eventually target the most valuable data to encrypt .
Since the wider adoption of cryptocurrency , Barracuda has also seen a correlation of increased ransomware attacks and higher ransom amounts . With increased crackdown on bitcoin and successful tracing of transactions , criminals are starting to provide alternative payments methods , such as the REvil ransomware gang asking for Monero instead of bitcoin .
However , Barracuda also saw multiple instances of victims reducing ransom payments by deploying