zephyr_p - stock.adobe.com

Ransomware attacks increase dramatically during 2021

Dramatic increase in ransomware attacks globally during first half of 2021 driven by triple extortion technique, and is only set to expand further

The frequency of ransomware attacks has increased dramatically over the past year, with 93% more carried out in the first half of 2021 than the same period last year, according to Check Points mid-year security report.

The surge in attacks has been fuelled by the rise of the “triple extortion” ransomware technique whereby attackers, in addition to stealing sensitive data from organisations and threatening to release it publicly unless a payment is made, are also targeting the organisations customers, vendors or business partners in the same way.

Accompanying the dramatic increase in ransomware attacks, organisations have also experienced a 29% increase in the number of cyber attacks globally, with the highest growth seen in the Europe Middle East and Africa (EMEA) region and the Americas, at 36 and 24% respectively.

While the Asia-Pacific (APAC) region only saw an increase in attacks of 13%, it experienced the highest number of cyber attacks weekly at 1,338. EMEA’s weekly number was 777, while the Americas was at 688 per week.

The report further noted a step up in the number of attacks targeting supply chains during 2021, including the high-profile attack on SolarWinds from December 2020, as well as the attacks on Codecov in April and, most recently, Kaseya in July.

Following the takedown of the Emotet botnet operation, which was fully eliminated in April 2021, the report also noted that a number of other malwares – including Trickbot, Dridex, Qbot and IcedID – are quickly gaining popularity.

“In the first half of 2021, cyber criminals have continued to adapt their working practices to exploit the shift to hybrid working, targeting organisations’ supply chains and network links to partners to achieve maximum disruption,” said Maya Horowitz, vice-president of research at Check Point Software.

“This year, cyber attacks have continued to break records and we have even seen a huge increase in the number of ransomware attacks, with high-profile incidents such as Solarwinds, Colonial Pipeline, JBS or Kayesa. 

“Looking ahead, organisations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones.”

The report also makes a number of predictions for the second half of 2021, including that ransomware attacks will continue to proliferate in spite of increased investment from governments and law enforcement agencies – in particular, from the Biden administration in the US.

The specific trend in triple extortion is also set to grow even further, and will require organisations to establish “collateral damage” strategies to deal with the fallout of attacks that can affect multiple organisations at once.

A separate report from Palo Alto Network’s Unit 42 in May 2021 found that extortion via ransomware had become a highly lucrative business, with the average ransom being paid by victim organisations in Europe, the US and Canada almost trebling between 2019 and 2020.

Check Point’s report added that while authorities are likely to enjoy some successes as a result of increasing investment and the deployment of more advanced tools, threat actors will also evolve and new ransomware groups will emerge, who will also have access to better tools.

Over the past two years, for example, the report notes there has been an acceleration in the use of penetration tools such as Cobalt Strike or Bloodhound, granting hackers live access to compromised networks and allowing them to change their attacks on the fly.

Lat year, Check Point’s mid-year report found that cyber attacks were up one-third at the end of June compared to March and April 2020, which was largely driven by pandemic-related developments.

Read more about ransomware

Next Steps

Researchers argue action bias hampers incident response

Read more on Security policy and user awareness