Ransomware attacks on businesses have increased manifold since the Covid-19 pandemic. A new research report by US-based cyber exposure firm Tenable revealed that almost 38% of all data breaches in 2021 were a direct result of ransomware attacks. Of this, the healthcare sector alone accounted for 36.2% of all the security breaches. This was closely followed by the education sector, which represented 24.7% of all data breaches.
The research further said that in 2020 alone, ransomware groups reportedly earned $692 million, about 380% more than the combined total of $144 million they earned in 2013-19.
According to Tenable, one of the main reasons ransomware has prospered is the advent of ransomware-as-a-service (RaaS), which has “catapulted ransomware from a fledgling threat into a force to be reckoned with”. The technique has “significantly lowered the barrier of entry, allowing cybercriminals who lack the technical skills to commoditise ransomware,” it said.
The success of RaaS has also attracted other players such as affiliates and initial access brokers (IABs) who play prominent roles within the ransomware ecosystem – oftentimes more than ransomware groups themselves.
The report showed that affiliates, who earn between 70% and 90% of the ransom payment, are charged with the task of doing the dirty work to gain access to networks through tried-and-true methods such as spearphishing, deploying brute force attacks on remote desktop protocol (RDP) systems, exploiting unpatched or zero-day vulnerabilities and purchasing stolen credentials from the dark web.
Affiliates may also work with IABs, which are individuals or groups that have already gained access to networks and are selling access to the highest bidder. Their fees range on average from $303 for control panel access to as much as $9,874 for remote desktop protocol (RDP) access.
The research found that ransomware’s current dominance is directly linked to the emergence of a technique known as double extortion. The tactic, pioneered by the Maze ransomware group, involves stealing sensitive data from victims and threatening to publish these files on leak websites, while also encrypting the data so that the victim cannot access it.
Ransomware groups have recently added a variety of other extortion techniques to their repertoire, ranging from launching DDoS attacks to contacting customers of their victims, making it even more challenging for defenders. These tactics are part of the ransomware gangs’ arsenal for placing additional pressure on victim organisations.
“With RaaS and double extortion, Pandora’s Box has been opened, and attackers are finding holes in our current defences and profiting from them,” said Satnam Narang, senior staff research engineer, Tenable.
“CERT-In noted that the country witnessed double the ransomware attacks in 2021 compared to 2020, leading to more organisations paying ransoms,” he added.
In 2021, “double extortion” ransomware increased by 117% globally, said the report.