Ransomware: On the Rise and What You Can Do to Prevent Attacks
Ransomware has always been a favourite for cyber criminals. This has been especially true since early 2020 and the start of COVID, a period in which the number of attacks in some sectors, such as Higher Education, has nearly doubled.
Moving forward to 2021, the number of ransomware attacks nearly doubled in the first half of this year. During the same period, ransomware victims increased by almost 100% and 60% of attacks were conducted by three ransomware groups – Avaddon, REvil and Conti. The top five targeted industries were Manufacturing, Financial Services, Transportation, Technology and Legal & Human Resources, accounting for 60% of attacks.
It turns out that not all ransomware attacks come from breaching the most recently discovered vulnerabilities. Some of the vulnerabilities being exploited have been around for nearly a decade: CVE-2012-1723, a Java Runtime Environment (JRE) vulnerability, was detailed in 2012. Due to oversight (laziness?), businesses and organisations haven't patched these vulnerabilities and remain open to exploitation.
ALL THE WAY TO THE TOP
The subject of ransomware has now made it all the way to the top, with the White House conducting a virtual meeting in mid-October this year of more than 30 countries to discuss ways to prevent ransomware attacks. Whether or not it makes a difference remains to be seen, but at least it's being talked about at the highest level.
Noticeable absentees from the meeting will be Russia and China, which weren't extended invitations. No official reason was given for the exclusion although, in the case of Russia, a statement earlier this year by the US Justice Department's top national security official, Assistant Attorney General John Demers, might shed some light:
"There is a lot of ransomware activity that is coming from Russian borders, which isn't being conducted by Russian government officials, but is being tolerated by the Russian government."
Similarly, in July this year the White House stated that hackers conducting ransomware attacks on private US companies were linked to China's Ministry of State Security.
WHAT CAN BE DONE?
Three words: patch your vulnerabilities.
However, this can be more easily said than done. Some businesses and organisations use a lot of software - A LOT - and keeping track of all the alerts and updates from software vendors can be time-consuming, to say the least. This can lead to 'patch fatigue' and one missed alert can cause, in the case of ransomware, financial disaster.
That's where vulnerability alert services like SecAlerts come into their own.
Choose your software from more than 15,000 listed in our database and we'll send you one easy-to-understand email with all the vulnerabilities - CVEs - affecting your software. You'll also receive version updates for your software and "your software in the (cyber security) news".
We source our CVEs from NVD, the US Government's National Vulnerability Database, which also ranks vulnerabilities as low, moderate, high and critical. This ties in perfectly with your PCI compliance (should you need it), particularly PCI Requirement 6.1: "Establish a process to identify vulnerabilities using reputable outside sources and assign a risk ranking to newly discovered vulnerabilities."
Unpatched vulnerabilities leave you open to numerous forms of cyber attack, including ransomware, malware, SQL injection, spyware and zero-days. So, if there's only one thing you do for your cybersecurity, and to prevent ransomware attacks in the process, fixing your software vulnerabilities is it: SecAlerts