Going for the Gold: Ransomware Attacks at an All-Time High

From the department of “records we didn’t want to see broken” comes this bit of news: The 4th quarter of 2020 brought a new high in the number of ransomware attacks.

As you probably know, the sudden shift to a work-from-home (WFH) environment as a result of the pandemic created a huge range of security flaws for hackers to exploit. And exploit they did, hitting the manufacturing sector, for one, with more than double the frequency of any previous year.

Hardest hit was the computer and electronic product manufacturing vertical, with machinery manufacturing and chemical manufacturing not far behind. Other popular targets were healthcare and public administration, which, combined with manufacturing, accounted for more than half of all ransomware attacks in 2020 and early 2021.

Before you breathe a sigh of relief because your business doesn’t fall into any of those categories, remember that this leaves almost half of all attacks in other segments. Besides the bonanza of opportunity afforded by the WFH environment, at least three disturbing trends reared their heads in 2020 or early 2021:

  • Ransomware increasingly shifted to an extortionware model. Before, you might have been able to work around having your systems locked down if you had complete and current backups. Now, instead of just holding your data hostage, malware purveyors threaten to publish it on the Dark Web if the ransom isn’t paid. In other words, your backups won’t protect you.
  • Ransomware as a Service (RaaS) became more available. In a nutshell, anyone with Dark Web access can now buy ransomware off the shelf (in return for a split of the ransom proceeds with the developers). No programming skills are required to threaten the existence of your business.
  • Scalability became a new worry, as evidenced in the Kaseya attack, where more than 1,000 companies were affected by a single penetration of this cloud-based software provider.

The best way to recover from a ransomware attack, of course, is not to have one in the first place. And for that the advice remains the same: Seek out IT professionals to make sure you’re as protected as possible and train employees against phishing and other common methods of penetrating your systems.

Even then there are no guarantees, so make sure you’re adequately covered for cyber liability as well. With all the recent innovation by the bad guys, it feels like a question of when, not if, a given business will be attacked.

Questions about ransomware or cyber liability coverage? Contact Consolidated Insurance.