Ransomware Still Going Strong: An Analysis of Recent High-Profile Attacks

Introduction

Ransomware continues to be one of the most disruptive and costly cyber threats facing organizations today. As someone who has closely followed the evolution of ransomware over the years, I wanted to provide an in-depth analysis of some of the major ransomware events from the past couple of years. My goal is to identify key trends, new developments, and insights that IT and cybersecurity professionals can use to better defend against these attacks.

Recent Major Ransomware Attacks

Colonial Pipeline (May 2021)

The ransomware attack on Colonial Pipeline was one of the most significant cyber events of 2021. The attackers encrypted Colonial’s network and demanded a $5 million ransom to restore operations. With gasoline delivery disrupted in multiple states, it highlighted the major real-world impacts ransomware can have.

Key Takeaways:

  • Targeting critical infrastructure carries more leverage for extortion
  • Even air-gapped systems can be vulnerable if accessed remotely
  • Resource-intensive manual operations required for recovery

JBS Foods (May 2021)

Soon after Colonial Pipeline, JBS Foods, the world’s largest meat processor, was hit by a ransomware attack that disrupted production around the world. The attack forced many of their plants to close and led to concerns over meat shortages.

Key Takeaways:

  • Ransomware actors maximizing profits by targeting high-revenue companies
  • Attack affected global supply chain
  • Paid $11 million ransom

Kaseya (July 2021)

The REvil ransomware gang exploited vulnerabilities in Kaseya’s VSA software to compromise over 1,000 companies simultaneously. Many managed service providers (MSPs) and their customers were impacted.

Key Takeaways:

  • Mass ransomware campaigns via supply chain compromise are an escalating threat
  • MSPs and cloud providers are high-value targets
  • Estimated over $70 million paid in ransom

Recent Ransomware Trends

Ransom Demands Growing Exponentially

Early ransomware attacks often involved demands of just hundreds of dollars. Now, ransoms are regularly in the millions, and some recent cases have exceeded $50 million. Attackers continue to ratchet up the pressure on victims.

Double Extortion Becoming More Common

Many ransomware gangs now engage in “double extortion”, where they not only encrypt files but also steal data and threaten to publish sensitive information if the ransom isn’t paid. This puts additional leverage on victims to pay.

Ransomware-as-a-Service Proliferating

The Ransomware-as-a-Service (RaaS) model has opened up ransomware capabilities to more threat actors. RaaS offerings lower the barrier to entry and mean more organizations face the risk of ransomware.

Supply Chain Attacks Expanding

As seen in cases like Kaseya and SolarWinds, targeting key supply chain vendors allows ransomware groups to significantly multiply the impact of a single breach. More supply chain attacks are expected.

Recommendations for Protection

Based on recent trends, I recommend organizations prioritize the following to improve ransomware defenses:

  • Back up critical data regularly and keep backups offline. Make sure backups are fully isolated from the network to enable recovery without paying the ransom.

  • Evaluate and patch rapidly for any critical vulnerabilities. Aggressively monitor threat intelligence sources for new vulnerabilities being exploited by ransomware actors.

  • Implement robust security awareness training. Educate all users on detecting social engineering and malicious attachments/links, which are common infection vectors.

  • Segment internal networks and limit lateral movement. Prevent ransomware from propagating across the entire network by dividing it into segments via firewalls.

  • Require multifactor authentication everywhere. Enforce MFA to prevent credential theft and require approval for remote access.

Ransomware groups will continue innovating, so defenses must keep pace. However, by taking the threat seriously and dedicating resources to mitigation, organizations can substantially reduce their risk. Going forward, collaboration and information sharing across industries will be key to combating ransomware.

Conclusion

In closing, recent ransomware incidents underscore how debilitating and costly these attacks can be. However, by learning from past cases and making cyber resilience a top priority, businesses can adapt their defenses and become much harder targets. While ransomware is likely to remain a challenge, the threat is manageable with proactive planning and investment.
