Updated · May 31, 2023
Updated · May 10, 2023
Ransomware is malware that denies people access to computer files. In 2020, there were 304.6 million detected ransomware attacks worldwide. That number skyrocketed to 623.3 million in 2021.
Traditional methods and outmoded practices are no longer enough for data protection. Continue reading to learn more about ransomware and how to avoid becoming a victim.
Ransomware-related cyber attacks have been seeping through organizations' databases since 2020. These breaches doubled in number in 2021. As a result, businesses take tremendous measures to prevent ransomware attacks and preserve their data.
With this, we can delve further into the operation of ransomware and the scale of its growth since it first entered data systems.
Ransomware is a common yet costly occurrence. There are around 1.7 million ransomware attacks daily, and costs are expected to increase by $265 million by 2031.
Hackers also use ransomware to compromise organizational systems; this includes adding malware to increase data breach capacity.
Here are the most intriguing ransomware attack statistics from recent years:
The rise of ransomware started in 2017 and spread to servers quickly; just a few years later, in 2021, there were 623.25 million ransomware attacks. This is primarily due to problems adapting networks and supply chains for hybrid and remote work.
With the imminent danger of ransomware lurking around the corner, more companies and government organizations are taking extreme measures to increase government protection and general awareness of their data. The decrease in ransomware in 2022 indicates that precaution is taking effect.
74% of construction companies stated that their organization would pay in the event of an attack, compared with 51% in the tech sector and 43% in the utility or energy sector.
For a construction company, being a victim of a ransomware attack entails several problems, such as:
These issues may push the organization to settle the ransom demands.
Phishing aims to trick the victim into sharing private information, such as passwords and card details. Almost 30% of phishing emails are opened, which increases the chances of downloading from suspicious links containing ransomware or malware.
Since phishing emails are easy to send and garner faster responses, it is one of the top entry points for ransomware attacks.
Double extortion occurs when a ransomware attacker gains access to a victim's private network and discovers high-value data and assets to store on their storage network. The attacker will encrypt the data and demand a ransomware payment.
If left unpaid, the criminal will sell the stolen assets and data or publish it for public consumption. This technique caused 1,200 incidents in 2020, resulting in numerous high-visibility data breaches.
The cost of ransomware attacks usually puts companies in a position where they will think about paying due to the value of data. Even if the organization decides to pay, a recovery period still follows the attack.
Recovering from a ransomware attack also means spending more money to ensure the data is safe and the company won't be vulnerable to attacks again.
How much does paying off a cyberattack like ransomware cost? Let's go through a few statistics to learn more about it:
In general, data breaches have become more expensive. Breach response costs grew by 13% over the past two years. The COVID-19 pandemic caused most organizations to adopt remote working in 2020–2021.
Companies need to shell out around $4 million to cover all the expenses incurred from a ransomware attack. This doesn't include the ransom payment, which can amount to around $800,000.
Apart from the manufacturing industry, ransomware attackers target energy and utilities at $2.03 million. The lowest ransom payments were in the healthcare industry, valued at $197,000, and state governments at $214,000.
Experiencing a cyberattack doesn't end with the ransom. Most companies spend 50 times the cost of the ransom payment to account for the downtime. Recovery costs, like lost productivity and hiring contractors to rush recovery processes, add up quickly.
The organization didn't pay the ransom yet and still incurred expenses of $10 million. Companies must spend money on new hardware and software, staff pay, and third-party cybersecurity consultants.
Apart from that, these attacks expose the weaknesses in a company's security systems. With this, the company will need to invest in expensive cybersecurity ventures to prevent a data breach from happening again.
Ransomware attackers always target industries with urgent needs, one of which is healthcare. Millions of lives are in danger when the data is compromised and inaccessible; this makes healthcare organizations more likely to pay a ransom, as it's a matter of life and death.
How important is data to healthcare companies? These statistics will tell you all about it:
Healthcare companies have sensitive data, such as financial information, medical records, and other personal data. These kinds of information make healthcare databases goldmines for identity theft. Healthcare providers are also more likely to pay the attackers' demands because they need that encrypted information to treat people.
(Healthcare IT News)
While this number is alarming, researchers are also unsure how accurate this statistic is, as not all companies report ransomware attacks: under HIPAA, healthcare providers need not report incidents that show a low probability that patient information has been exposed.
Since many lives are put in danger because of ransomware attacks, most healthcare organizations don't think twice about paying the ransom demands of the attackers. This makes attackers more inclined to target this industry. Because healthcare systems need life-saving equipment and reliable hospital operations, attackers can demand quick and high ransoms.
(Health IT Security)
Even with a reporting window of 60 days, not all healthcare organizations can fulfill the ransomware report within the time frame. While this may make other statistics inaccurate, it's important to note that these healthcare companies still make the report to try and lessen the attacks in the future.
While ransom payments for healthcare organizations may be lower than the average, it doesn't mean they shouldn't invest in cybersecurity.
A data breach could entail many issues, such as lost productivity among doctors and clinicians, added expenses to transport patients to other medical institutions, and readjusting standard practices during downtime to keep treating patients.
An insider threat is a group member with access to the organization's security processes, systems, and data. This person can use this to negatively impact the organization, such as extorting them for profit.
Insider threats in an organization may be careless workers, inside agents, disgruntled employees, and third parties. However, it's reported that most of the threats were careless workers who were unaware of security policies and could not attend security awareness training.
Most healthcare organizations settle the ransom payment to retrieve their data quickly. However, it only sometimes works in their favor. Less data is recovered even after paying the ransom. Only 2% of those that settled in 2021 got 100% of their data back, down from 8% in the previous year.
Cyber attackers target companies with deep pockets. Organizations and companies holding valuable data will be more than willing to settle the ransom payment to regain access to their data.
What are some notable cases of ransomware attacks? Learn more below.
Travelex was attacked by Sodinokibi (REvil), a private Russian ransomware-as-a-service (RaaS) operation, in January 2020. The ransomware attack led the attackers to acquire 5 GB of sensitive client data, including birth dates and credit card information.
Sodinokibi told Travelex that if the ransom were paid, they would delete the data they had. If unpaid, the ransom would double every other day. This forced the forex company to pay $2.3 million in Bitcoin, and it was able to restore its systems after 14 days.
DarkSide infiltrated Colonial Pipeline's network, which provides 45% of the East Coast's fuel, and demanded $4 million as a ransom. The company decided to pay the ransom when the demands were made. As a result, the company shut down for six days.
In the meantime, several local government officials declared states of emergency. They assured the public they did not need to hoard gas. However, panic buying still occurred in 11 states.
(Touro College Illinois)
After successfully attacking Colonial Pipeline, DarkSide targeted Brenntag, a chemical distribution company. Brenntag was forced to settle the ransom. Despite the amount, it's still recorded as one of the highest ransomware payments in history.
Lapsus$ has a history of using ransomware to attack other big tech companies like Samsung, Impresa, T-Mobile, and Microsoft. They attacked Nvidia, the largest semiconductor chip company. Nvidia confirmed that a threat actor leaked employee information and proprietary details online.
The hospital chain experienced a ransomware attack that compromised patient information. Fortunately, CHI Health acted quickly and secured its infrastructure to ensure continuity of care for patients.
Employees and nurses shared that they've been forced to do everything manually, including charting patient data, which takes them longer than usual. Edward Porter, who has diabetes, could not reorder sensors for his glucose monitor as the CHI Health System was offline.
The investment organization investigated the attack's origin, scope, and nature to assess any data breaches. Curo Fund Services claims to have already taken drastic steps to implement additional security, which can keep them safe from further unauthorized access.
Unlike other companies, this investment group did not engage with the attackers and instead focused its energy on restoring its operations with the help of third-party specialists.
(Malwarebytes Labs)
LockBit, one of the five most dangerous cyber threats facing businesses in 2023, posted 126 victims on its site early in 2023. They targeted the U.K.'s Royal Mail, a significant operation that ships to 231 countries worldwide.
The cyber attackers demanded $80 million from them in January. LockBit negotiated down to $40 million, but it has not been determined whether the Royal Mail paid this amount.
The education sector is highly vulnerable to hackers because of the skills information and budgetary and financial data it holds, and because of its overall lack of preparation.
Usually, data exfiltration is the primary goal of ransomware criminals, because the integrity of the data is essential to the schools and the students, faculty, and staff within them. Holding this information for ransom makes it more probable for the organization to settle the demands.
Since the education sector limits its budget against cybersecurity, they're an obvious target for hackers. The rate of ransomware attacks in education is rising daily, reflecting the success of the RaaS operation to get into schools' data systems effectively.
Even if an educational institution is insured, it might still have difficulty recovering the ransom. This is due to the high rate of ransomware events in this sector, which forces them to improve their cyber defenses and security to improve their cyber insurance standing.
Educational institutions have an estimated amount of $3.56 billion in downtime alone. Most have also incurred massive recovery expenses when restoring their programs and computers. Also, their cybersecurity improvement processes add to the list of costs during a ransomware attack.
The attack against Lincoln College was devastating; they had to shut down their institution permanently. The cyber attack impacted their systems, causing a shortfall in enrollments, which meant the school could no longer operate.
14 schools in the U.K. have been reported to be attacked by ransomware, which was attributed to the RaaS group named Vice Society.
They were said to leak data such as passport scans of students and parents, contractual offers for staff, headmaster's salary, Special Educational Needs (SEN) information, and student bursary fund recipients.
Since online classes have started, most educational institutions must adapt to the new practices and shift to this learning environment. Most schools needed help with these processes and required more preparation. This meant their systems had many weak points and vulnerabilities, which the hackers used to their advantage.
Among the 17,000 school districts across the U.S., the Los Angeles school system is the second biggest in the country, after New York City. Officials in L.A. claimed there was no response to the ransom demand. The RaaS group stole sensitive data, such as contractors' personal information and Social Security Numbers (SSNs).
Lower education respondents in the Sophos worldwide survey recovered 62% of their data after paying the ransom, while higher education respondents recovered 61%. This is a step down from the 68% recovery rate in 2020.
It also took 26% of lower education respondents and 40% of higher education ones more than 30 days to recover from the attack. Experts say that most higher education institutions recovered most, if not all, of their data within 3-4 weeks; it would still take months to repair and improve their cyber security defenses fully.
Ransomware is rapidly becoming one of the most dangerous and threatening malware to hit the digital age. Organizations are put at a standstill when this occurs, forcing them to decide how valuable their data is.
Some companies and organizations fall due to compromises within their internal security and servers. This should be a warning sign to all using online servers to caution against ransomware. Companies should add more security measures to improve their cybersecurity practices and defenses.
Employees need practical training and routine checks to ensure they're not accidentally leaking anything. I.T. systems and databases should have regular backups so that they're not entirely blind when an attack like this occurs.
Malware is often spread through phishing emails. Attackers also use drive-by downloading, which occurs when a user is unaware that they've visited an infected website or link that automatically downloads the malware without them knowing.
Apart from capitalizing on the importance of the data they steal, attackers also focus on the users' fear. They will use their virus to incite fear and action in victims.
You can prevent ransomware by regularly updating your software systems, filtering phishing emails and suspicious links, and storing backup data on separate devices.
You may use a strong spam filter in your and your organization's email stream. You may also assign someone to scan incoming and outgoing email messages to detect threats and prevent infiltration.
The short answer is no. There have been reports of organizations not paying the ransom demands and still finding a way to recover their data.
Instead, you should invest your money in legitimate cybersecurity firms to help you protect your data systems from hackers.
Raj Vardhman is a tech expert and the Chief Strategist at TechJury.net, where he leads the research-driven analysis and testing of various technology products and services. Raj has extensive tech industry experience and contributed to various software, cybersecurity, and artificial intelligence publications. With his insights and expertise in emerging technologies, Raj aims to help businesses and individuals make informed decisions regarding utilizing technology. When he's not working, he enjoys reading about the latest tech advancements and spending time with his family.