LATEST HEADLINES

However, due to ransomware and the significant number of payouts due to breaches occurring in the last year, premiums are increasing, regardless.

(Source – US data on ransomware attacks on critical infrastructure collected by Temple University). Other Cyber Incidents Around the World Involving ...

The top 3 most concerning attacks were email attacks (74%), ransomware (73%) and cloud-based attacks (68%); 96% of respondents are preparing ...

Unfortunately, sophisticated and devastating malware and ransomware attacks will likely increase throughout 2021 as threat actors continue to ...

Ransomware attacks have gone from being a nuisance to becoming a significant financial burden, as well as a major threat to our critical infrastructure ...

As ransomware attacks continue to surge across the globe, the demand for negotiation services has also increased -- and been hard to fill.

COVID-19 and Ransomware. Several threats stood out in the IC3 report. One of those was the incessant stream of scams and fraud attempts that ...

"There's no doubt that organisations that have experienced that have a much more visceral sense of what it feels like to experience a ransomware ...

Withstanding 'brutal' ransomware attacks. Successful attacks like the ones that hit trucking and logistics firm Forward Air Corp. and shipping line CMA ...

Two-factor authentication is one of many methods used to protect patient information as ransomware attacks become more prevalent among physician ...

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery.

Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month. As organizations ...

Sierra Wireless states the ransomware attack appears limited to its own internal systems and did not affect consumer-facing portals or resources.

“The ramifications of a ransomware attack or threat actor activity against CNA and insurance company networks — much less an insurance company ...

The recommendation for ransomware is not to pay, since these cybercriminals do not usually send the key to decrypt the files and may claim even ...

Even the FBI raised their concerns and brought them to the medical community's attention about “imminent ransomware attacks.” The only viable ...

In addition to statistics, the IC3’s 2020 Internet Crime Report contains information about the most prevalent internet scams affecting the public and offers guidance for prevention and protection. It also highlights the FBI’s work combating internet crime, including recent case examples. Finally, the 2020 Internet Crime Report explains the IC3, its mission, and functions.The IC3 gives the public a reliable and convenient mechanism to report suspected internet crime to the FBI. The FBI analyzes and shares information from submitted complaints for investigative and intelligence purposes, for law enforcement, and for public awareness.With the release of the 2020 Internet Crime Report, the FBI wants to remind the public to immediately report suspected criminal internet activity to the IC3 at ic3.gov. By reporting internet crime, victims are not only alerting law enforcement to the activity, but aiding in the overall fight against cybercrime.Resources:

This post is also available in: 日本語 (Japanese)IntroductionRansomware is one of the top threats in cybersecurity and a focus area for Palo Alto Networks. The global threat intelligence team (Unit 42) and incident response team (The Crypsis Group) have partnered to create the 2021 Unit 42 Ransomware Threat Report to provide the latest insights on the top ransomware variants, ransomware payment trends and security best practices so we can understand and manage the threat.To evaluate the current state of the ransomware threat landscape, the Unit 42 threat intelligence team and the Crypsis incident response team collaborated to analyze the ransomware threat landscape in 2020, with global data from Unit 42 as well as data from the U.S., Canada and Europe from Crypsis.Key Findings Cybercriminals Are Making, and Demanding, More Money Than EverNote: The following data is from the U.S., Canada and Europe.The average ransom paid for organizations increased from US$115,123 in 2019 to $312,493 in 2020, a 171% year-over-year increase. Additionally, the highest ransom paid by an organization doubled from 2019 to 2020, from $5 million to $10 million. Meanwhile, cybercriminals are getting greedy. From 2015 to 2019, the highest ransomware demand was $15 million. In 2020, the highest ransomware demand grew to $30 million.Of note, Maze ransom demands in 2020 averaged $4.8 million, a significant increase compared to the average of $847,344 across all ransomware families in 2020. Cybercriminals know they can make money with ransomware and are continuing to get bolder with their demands.Healthcare Organizations in the CrosshairsThe world changed with COVID-19, and ransomware operators took advantage of the pandemic to prey on organizations – particularly the healthcare sector, which was the most targeted vertical for ransomware in 2020. Ransomware operators were brazen in their attacks in an attempt to make as much money as possible, knowing that healthcare organizations – which needed to continue operating to treat COVID-19 patients and help save lives – couldn't afford to have their systems locked out and would be more likely to pay a ransom.Ryuk ransomware stood out from the pack. In October 2020, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS), warning healthcare organizations against Ryuk attacks.The Rise of Double ExtortionA common ransomware attack consists of the ransomware operator encrypting data and forcing the victim to pay a ransom to unlock it. In a case of double extortion, ransomware operators encrypt and steal data to further coerce a victim into paying a ransom. If the victim doesn’t pay the ransom, the ransomware operators then leak the data on a leak site or dark web domain, with the majority of leak sites hosted on the dark web. These hosting locations are created and managed by the ransomware operators. At least 16 different ransomware variants are now threatening to expose data or utilizing leak sites, and more variants will likely continue this trend.The ransomware family that leveraged this tactic the most was NetWalker. From January 2020 to January 2021, NetWalker leaked data from 113 victim organizations globally, far surpassing other ransomware families. RagnarLocker was second, leaking data from 26 victims globally. It’s worth noting that the US Department of Justice announced in January 2021 that it had coordinated international law enforcement action to disrupt the NetWalker ransomware gang. The dark web domain managed by the NetWalker operators, which hosted leaked data, is no longer accessible.Steps to Reduce Ransomware ExposureDefending against ransomware attacks is similar to protecting against other malware. However, it represents a much higher risk to the organization.Initial AccessInitial access is relatively consistent across all ransomware variants. Organizations should maintain user awareness and training for email security as well as consider ways to identify and remediate malicious email as soon as it enters an employee’s mailbox. Organizations should also ensure they conduct proper patch management and review which services may be exposed to the internet. Remote desktop services should be correctly configured and secured, using the principle of least privilege wherever possible, with a policy in place to detect patterns associated with brute-force attacks.Backup and Recovery ProcessOrganizations should continue to back up their data and keep an appropriate recovery process in place. Ransomware operators will target on-site backups for encryption, so organizations should ensure that all backups are maintained securely offline. Recovery processes must be implemented and rehearsed with critical stakeholders to minimize downtime and cost to the organization in the event of a ransomware attack.Security ControlsThe most effective forms of protection from ransomware are endpoint security, URL filtering or web protection, advanced threat prevention (unknown threats/sandboxing) and anti-phishing solutions deployed to all enterprise environments and devices. While these will not outright guarantee prevention, they will drastically reduce the risk of infection from common variants and provide stopgap measures, allowing one technology to offer a line of enforcement when another may not be effective.Get the full 2021 Unit 42 Ransomware Threat Report for more research and best practices to implement in your organization.Additional Resources Get updates from Palo Alto Networks!Sign up to receive the latest news, cyber threat intelligence and research from us