At this point, most of us are probably aware of ransomware and the damage that it can cause – In 2021 alone, we have seen several high-profile security breaches from large organizations, which have led to massive financial loss and damaged reputations.
Still, though, we are seeing many organizations and key government institutions ignore calls to step up enterprise security despite the clear warning signs. In fact, most federal government institutions are still clinging to legacy systems that are costly to maintain and routinely fail to meet minimum cybersecurity standards. With Ransomware attacks only growing in frequency and severity, organizations must begin to take cybersecurity more seriously or risk leaving themselves wide open to a crippling ransomware attack.
Read this article to find out just how much damage ransomware has caused in 2021 and why you definitely should not ignore it:
Ransomware: By the Numbers
In recent years we have seen the frequency of ransomware attacks explode (350% increase in 2018) as cybercriminals increasingly use Ransomware-as-a-Service (RaaS) and Ransomware kits to carry out their attacks. Originally created by ransomware gang REvil, these tools are readily available on the dark web and significantly reduce the technical knowledge needed to carry out an attack. In other words, these ransomware kits make it easy for almost anyone to target an organization and lock up their data.
Unsurprisingly, we are also seeing a coinciding increase in the severity of these attacks, with global damages estimated at around $20 billion for 2020 alone. This figure represents a 50% percent increase from 2018, with an increased average cost of a ransom of over $8,000 per incident. Additionally, ransomware-induced downtime has increased by over 200% year over year since 2018, which represents a financial loss of $8500 per hour.
These statistics tell us what we already know – Ransomware is a growing issue and that can no longer be ignored.
Top Ransomware Attacks in 2021
Kaseya VSA was a remote monitoring and management platform used by Managed Security Providers (MSPs) to perform various IT functions and is commonly installed on endpoint devices. Simply put, Kaseya VSA was designed to streamline IT operations by centralizing several different management and monitoring functions.
Unfortunately, though, in 2021, Kaseya was hit with a devastating ransomware attack that impacted over 50 MSPs and between 800-1500 companies. This was carried out using zero-day exploits found in Kaseya’s software and has led to the largest ransom demanded to date: $70 million.
2. CNA Financial
CNA Financial, one of the largest insurance providers in the United States, was hit ransomware attack in May of 2021, which led to over 15,000 encrypted company devices and disrupted corporate networks forcing CNA to temporarily shut down all of its services.
Despite their best efforts to restore their data, it was reported that CNA Financial ultimately ended up paying a $40 million ransom to stop the attack.
3. Colonial Pipeline
Colonial Pipeline, one of the largest pipelines for refined oil in the United States, was hit with a ransomware attack earlier this year that led to a complete pipeline shutdown and fuel shortages in several US states.
It is believed that this attack was caused by a single compromised password that was leaked onto the dark web. These stolen credentials were then used to access an unused account that still had access to their network.
Ultimately, Colonial Pipeline ended up paying a $4 million ransom to stop the attack.
4. Buffalo Public Schools
In 2021, we are continuing to see a rising number of attacks targeted at the education sector – Recently, we have seen an attack on the Buffalo Public School system, which serves around 34,000 students. The attack shut down the entire school system, forcing the cancellation of both remote and in-person instruction for one week.
Computing giant Acer was hit with a ransomware attack in March when many of their sensitive documents, financial spreadsheets, bank balances, and communications were encrypted. Attackers demanded what was then the largest ransom to date ($50,000,000), with the threat that the encrypted documents would be leaked online if the price was not paid.
Comprehensive Ransomware Protection with Stratejm
It is clear at this point that organizations, both large and small need to setup it up when it comes to cybersecurity, especially considering the sharp rise in cyber threats that we have seen recently. For most organizations, the most effective and efficient way to do that is by partnering with a Managed Security Services provider like Stratejm. We provide comprehensive, turnkey, enterprise-grade cybersecurity that is backed by our dedicated team of cybersecurity analysts.