Half of investigated incidents in 2021 connected to ransomware: Kaspersky

Between January 2021 and November 2021, every second security incident investigated by Kaspersky was related to ransomware, according to a report by the Russian cybersecurity company.

The percentage shows a 12% increase in attacks compared with the same period in fiscal 2020.

Ransomware is arguably the most talked-about term in enterprise IT security this year, and has become infamous for bringing down critical infrastructure such as the gas pipelines of Colonial Pipeline in April 2021, and also Ireland’s National Health Services mission.

Ransomware hackers have also refined their arsenal, focusing on fewer but more targeted attacks aimed at large-scale organisations. There were also reports of a full-fledged underground ecosystem that supports ransomware operations.

For the first 11 months of 2021, ransomware-related incidents accounted for 46.7% of the total calls received by Kaspersky’s incident response team. This number was at 37.9% in 2020 and 34% in 2019.

The most common targets were companies belonging to the industrial and government sectors, which together accounted for 50% of all ransomware-related incident response requests in 2021. Other well-known targets were companies in the IT and financial services sectors.

“Ransomware operators aren’t just encrypting data; they’re stealing it from critical, large-scale targets and threatening to expose the information if the victims don’t pay. And Ransomware 2.0 isn’t going anywhere in the coming year,” said Vladimir Kuskov, Head of Threat Exploration at Kaspersky.  

What’s in store for 2022? 

For 2022, Kaspersky said that ransomware gangs are likely to construct Linux builds of ransomware to maximise their attack surfaces. Some of the ransomware gangs that are known to target Linux operating systems are RansomExx and DarkSide.

Secondly, ransomware operators are expected to focus more on financial blackmail, a term used to describe bad operators who threaten to leak information about companies, especially during critical financial events such as planning to go public or undergoing a merger or an acquisition.