Ransomware attacks become more frequent, say researchers

There has been an alarming rise in ransomware breaches globally, including India, according to recent cyber security research reports.  

In its recent mid-year cyber threats report, Switzerland-based cyber security firm Acronis said, ransomware is worsening with organised groups, like Conti and Lapsus$, are inflicting serious damage. 

The study said that the Conti gang demanding $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole. Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 Nvidia users. The same gang also stole 30 GB worth of T-Mobile’s source code. Also, the US Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti. 

Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company’s reputation and customer experience. In 2021 alone, the Federal Bureau of Investigation (FBI) attributed a total loss of $2.4 billion to business email compromise (BEC). Further, cyberattacks caused more than one-third (36%) of downtime in 2021. 

Not just Acronis, another new report by cyber security firm Barracuda also saw a spike in ransomware to more than 1.2 million per month between January and June of 2022.  

In the past 12 months between August 2021 and July 2022, researchers analysed some 106 highly publicised ransomware attacks and found education (15%), municipalities (12%), healthcare (12%), infrastructure (8%), and financial (6%) are the key targets. The number of ransomware attacks increased year-over-year across each of these five industry verticals, and attacks against other industries like automobile, hospitality, media, retail, software, and technology organisations, more than doubled compared to last year's report.  

Most ransomware attacks don’t make headlines, though, as many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses.  

Parag Khurana, Country Manager, Barracuda Networks India, said, “Ransomware attackers remain defiant and continue to operate their business with extended extortion attempts.”  

According to Verizon Business 2022 Data Breach Investigations Report, published in May 2022, ransomware breaches globally and in India increased by 13% in the past one year, representing a jump greater than the past 5 years combined.  

"The continued explosion of connected devices and widespread digitisation in multiple sectors has increased the likelihood of cyberattacks, especially ransomware," Anshuman Sharma, Head Investigative Response, APJ at Verizon, said, adding that the emergence of "Ransomware as a Service (RaaS), a SaaS-based attack vector and the adoption of cryptocurrency" are contributing factors for the spike.