Utilities and infrastructure, government agencies, hospitals and healthcare institutions, schools, food production and distribution industries–even ferry service to Martha’s Vineyard, all have been attacked by cybercriminals using ransomware, probably now the most used kind of exploit of network systems.
“Even as we speak there are thousands of attacks on all aspects of the energy sector and the private sector generally…it’s happening all the time,” said Energy Secretary Jennifer Granholm to CNN.
In the first 6 months of 2022, thirty-four percent of all cyber insurance claims were due to ransomware, with an average ransom paid out by the insurance company (during the same period) was $255,000. In 2021, ransomware payments stood at $102.3 million a month—an increase of 518% from 2020. Typically, a single victim (usually a business) is hit for $50 million, up from $30 million in 2020. Sixty-eight different ransomware variants are known at present, the most notable being REvil, Sodinokibi, Darkside, Avaddon, and Phobos. The attack vector most used is business email compromise (BEC), arising from phishing emails that contain links or files that load ransomware. It has risen 97.25% since 2016.
Ransomware timeline:
1989 – AIDS trojan may be the first ransomware, originally sent by floppy disk.
2005 – First modern strains of ransomware.
2009 – Malware begins encrypting files.
2010 – 10,000 samples of ransomware discovered; some now use Bitcoin for ransom payments and screen locking functions.
2013- 100,000 ransomware samples discovered.
2014- 250,000 ransomware samples discovered; total of $30 million paid out.
2015- 4 million ransomware samples discovered; Ransomware-as-a-Service emerges.
2016 – 4000 exploits per day, up 300% from 2015; a hospital pays out $17,000; total cost greater than $1 billion.
2017 – Nation state-sponsored WannaCry and NotPetya spread over entire planet.
2018 – “Big game hunting” targeting large organizations and governments emerges. $1.5 trillion estimated a year.
2019 – 33% of companies paid ransom, 22% never got access to their data, and 9% were attacked again. State and local governments attacked. One local government pays almost half a million dollars.
2020 – A financial firm pays out $40 million; civilian infrastructure attacks become prominent.
January 2021 – Europol, the FBI, the UK’s National Crime Agency, and law enforcement agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine collaborated in the takedown of the Emotet botnet. As the most widely-distributed malware on an industrial scale, Emotet included several hundred servers managing a botnet consisting of over 1.6 million computers and devices. Emotet malware allows installation of other malware like ransomware. CISA Launches Ransomware Education Program.
April 2021 – The Institute for Security and Technology (IST) put together [a] coalition teaming up more than 60 software companies, government agencies, cybersecurity firms, financial services companies, academic institutions, and nonprofits to combat ransomware problem. Among the members, Amazon Web Services, Center for Internet Security, Cisco, Citrix, CrowdStrike, Ernst and Young, Deloitte, FireEye, Microsoft, and government organizations including the U.S. Department of Justice, Europol, and the U.K. National Cyber Security Centre (NCSC).
May 2021 – Colonial Pipeline pays $4.4 million to Darkside; Ireland’s Health Service Executive (HSE) refuses to pay out $20 million to the Conti ransomware gang.
June 2021 – A rare success, US JD recovers $2.3 million of $4.4 million ransom paid by Colonial Pipeline to DarkSide. 78.4 million attacks throughout the world. The leaders of the Group of Seven (G7), meet in Cornwall on 11-13 June 2021 determined to beat COVID-19, the build back better initiative, and focus some of their time on ransomware and other cybercrime:
“We also commit to work together to urgently address the escalating shared threat from criminal ransomware networks. We call on all states to urgently identify and disrupt ransomware criminal networks operating from within their borders, and hold those networks accountable for their actions,” read the statement by world leaders.
September 2021 – Ransomware attacks exceed total of 2020 by 17% with 1291 breaches/month.
November 2021 – Emotet back online.
2022 – The list went on:
February – San Francisco 49ers
May – Glen County Office Of Education
May – Opus Interactive
May – Cisco
June – Entrust Corporation
June – Macmillan Publishers
September – LA Unified School District
October – CommonSpirit Health
November – Apprentice Information Systems
December – Rackspace Technology