Cyber Crime & ForensicPress ReleaseThreat Detection & Defense

Ransomware Attacks Targeting Businesses More than Double Since Last Year – Barracuda

The number of ransomware attacks has increased dramatically over the past year and businesses remain the no.1 target, according to the most recent Threat Spotlight from Barracuda, a trusted partner and leading provider of cloud-enabled security solutions.

Analysing 106 highly publicised attacks across the globe, including Southeast Asia between August 2021 and July 2022, Barracuda researchers saw a notable rise in ransomware attacks targeting all industries, underlining the need for businesses to remain vigilant.

Five key industries stood out as the popular targets for ransomware hackers, with attacks on educational institutions more than doubling, and attacks on healthcare and financial organisations tripling. Researchers also saw a 4 per cent rise in attacks targeting municipalities, with attacks on critical infrastructure quadrupling over the same period – signalling cybercriminals’ intent to inflict greater damage beyond the impact on the immediate victim.

Researchers also found that of the companies being targeted across industries, service providers were hit the most (14%), though ransomware attacks on automobile, hospitality, media, retail, software, and technology organisations all increased as well.

When it came to service providers, whether they provide IT services or other business services, these types of organisations proved to be attractive targets for ransomware gangs due to the nature of the access they have to their clients’ systems.

From double extortion to late penalty fees

According to Barracuda researchers, in 2021, a double extortion trend emerged, where attackers were stealing sensitive data from their victims and demanding payment in exchange for a promise to not publish or sell the data to other criminals. In addition to this, this year’s research found instances when attackers are now demanding a late fee or penalty if ransom payments are not made promptly.

The good news according to this year’s research, is that this year saw fewer victims paying the ransom and more businesses standing firm thanks to better defences, especially in attacks on critical infrastructure. Researchers also noted how improved collaboration between nation states and government leaders has also created a collaborative environment for cracking down on these crimes.

Commenting on the research, Mark Lukie, Director of Solution Architects at Barracuda, APAC said: “Ransomware is still a major challenge for businesses across the Asia-Pacific region. It’s a global problem, which our research shows continues to escalate as criminals find new ways to exploit their victims for financial gain.”
 
Barracuda recommends taking five steps to defend against these attacks, which includes implementing execution prevention by disabling macro scripts from Microsoft Office files transmitted via email, setting up network segmentation to reduce the spread of ransomware if it does get in your system, and removing unused or unauthorised applications, which could be signs of compromise along with enhancing web application and API protection services and reinforcing access control on backups.

“Many cybercriminals target small businesses in an attempt to gain access to larger organisations. As a result, it is essential for security providers to create products that are easy to use and implement, regardless of a company’s size. Additionally, sophisticated security technologies should be available as services, so that businesses of all sizes can protect themselves against these ever-changing threats. By making security solutions more accessible and user-friendly, the entire industry can help to better defend against ransomware and other cyberattacks,” added Mr Lukie.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *