Ransomware was the number-one type of cyberattack victimizing organizations in 2021, accounting for 21% of cyberattacks worldwide, and manufacturing was the most heavily targeted industry, according to new research by IBM Security. The most common ransomware strain by far was REvil, also known as Sodinokibi, which made up 37% of the attacks, with Ryuk (13%) and LockBit 2.0 (7%) rounding out the top three.
The report also examined the evolution of ransomware attacks, which have morphed from the classic “encrypt and extort” to attacks involving double and even triple extortion:
- In a classic “encrypt and extort” attack, cybercriminals encrypt a victim’s systems and files, then demand a ransom in exchange for the decryption key. Threat actors don’t exfiltrate any data; they just encrypt it in place.
- In a double extortion attack, threat actors access and steal data, in addition to encrypting systems and files. Then, they demand a ransom in exchange for an encryption key and not selling or publicly releasing the stolen data.
- A triple extortion attack is just like a double extortion attack, with the added “bonus” of a distributed denial of service (DDoS) attack to overwhelm systems and increase the pressure on victims to pay up.
“Classic” ransomware attacks are now in the minority. Over three-quarters of ransomware attacks involve a threat to leak exfiltrated data.
Download our Ransomware Impact Report to understand the aftereffects of ransomware attacks.
Ransomware & Phishing: Like the Head and the Neck
Ransomware doesn’t magically appear on networks all by itself. Threat actors have to plant it there, which means they must first breach the system. In 2021, the leading infection vector was phishing – and almost all of the phishing campaigns sought to steal login credentials.
In this manner, ransomware and phishing work in tandem, like the head and the neck. Once a threat actor successfully phishes a victim and obtains a set of working login credentials, they can enter the network, poke around and escalate privileges, steal data, and ultimately deploy the ransomware payload.
Manufacturers have long been targets for cyberespionage perpetrated by nation-state actors or competitors who are after valuable digital intellectual property (IP), such as product design schematics. Long before the crisis in Europe, Verizon estimated that 27% of cyberattacks on manufacturers were related to espionage. This figure is likely to increase as nation-state attackers attempt to steal technology for use in their home countries.
Additionally, many manufacturers are small and medium-sized businesses (SMBs) that supply parts to much larger organizations. These SMBs tend to lack comprehensive cybersecurity defenses. They’re also more likely than large enterprises to experience significant downtime following a ransomware attack – downtime that they can ill afford, which means they’re under more pressure to pay the ransom in a desperate bid to restore normal operations as soon as possible.
Zero-Trust Network Access Helps Prevent Ransomware Attacks
In its report, IBM Security notes that a zero-trust network security model that includes least-privilege network access and multi-factor authentication (MFA, most commonly deployed as two-factor authentication, or 2FA) helps prevent both ransomware and phishing attacks.
In a zero-trust model, it is assumed that all users and devices could potentially be compromised. Therefore, everyone, human or machine, must be authenticated before they can access the network. With its emphasis on user and device verification, a successful zero-trust implementation hinges on the ability of organizations to enforce comprehensive password security, including the use of strong, unique passwords for every account, 2FA, role-based access control (RBAC), and least-privilege access.
Meanwhile, 2FA ensures that even if a user falls victim to a phishing scheme, and their password is compromised, the threat actor won’t be able to use it without the additional authentication factor.
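To make the controls named in the two paragraphs above concrete, here is an added, self-contained Python illustration of a zero-trust access gate. It is example code written for this post, not code from Keeper, IBM or the X-Force report: it checks that a password meets a strength rule and is not reused across the directory, verifies a second factor with a standard TOTP (RFC 6238) computation, and then authorizes the request against a least-privilege role table. The user, roles, permissions, salt and password are constructed for the demo; the TOTP secret is the RFC 6238 test-vector key so the one-time code is reproducible.

```python
import hashlib
import hmac
import struct

# ---- Password policy: strong, and unique across the vault --------------------------
def password_is_strong(pw: str) -> bool:
    """Minimal strength rule: 12+ characters drawn from at least three classes."""
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= 12 and sum(classes) >= 3

def hash_password(pw: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256; the directory never stores the clear-text password."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def password_reused(pw: str, directory: dict) -> bool:
    """True if this password already unlocks some account in the directory."""
    return any(hmac.compare_digest(hash_password(pw, r["salt"]), r["pw_hash"])
               for r in directory.values())

# ---- Second factor: TOTP per RFC 6238 (HMAC-SHA1, 30-second step, 6 digits) -------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)          # 8-byte big-endian counter
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# ---- RBAC: each role gets only the permissions its job needs (hypothetical roles) --
ROLE_PERMISSIONS = {
    "design-engineer": {"read:design-files"},
    "plant-admin": {"read:design-files", "write:plc-config"},
}

# ---- Constructed demo directory (hypothetical user, salt and secret) --------------
_SALT = b"demo-salt-not-for-production"
DIRECTORY = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("Tr0ub4dor&3-plant!", _SALT),
        "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector secret
        "role": "design-engineer",
    },
}

def access(user: str, password: str, otp: str, permission: str, unix_time: int):
    """Zero-trust gate: verify identity (password + OTP), then authorize by role.

    Returns (allowed, reason). Nothing is trusted because of where the request
    comes from; every request must pass all three checks.
    """
    rec = DIRECTORY.get(user)
    if rec is None or not hmac.compare_digest(
            hash_password(password, rec["salt"]), rec["pw_hash"]):
        return False, "denied: bad credentials"
    if not hmac.compare_digest(totp(rec["totp_secret"], unix_time), otp):
        # A phished password alone stops here: the second factor is missing or wrong.
        return False, "denied: second factor failed"
    if permission not in ROLE_PERMISSIONS.get(rec["role"], set()):
        # Least privilege: a valid, fully authenticated user still only gets
        # what the role needs, which limits what a hijacked account can reach.
        return False, f"denied: role {rec['role']} lacks {permission}"
    return True, "allowed"

if __name__ == "__main__":
    t = 59  # fixed timestamp so the one-time code is reproducible
    good_otp = totp(DIRECTORY["alice"]["totp_secret"], t)
    print(access("alice", "Tr0ub4dor&3-plant!", good_otp, "read:design-files", t))
    print(access("alice", "Tr0ub4dor&3-plant!", "000000", "read:design-files", t))
    print(access("alice", "Tr0ub4dor&3-plant!", good_otp, "write:plc-config", t))
```

The three calls at the bottom show the three outcomes the paragraphs describe: a legitimate user with both factors and an in-role permission is allowed; a correct password with a bad one-time code is refused, which is the case of a password captured by phishing; and a fully authenticated user asking for a permission outside their role is refused, which is least privilege doing its job. In production the password hashing, OTP verification (with a clock-skew window) and role store would come from the identity platform rather than hand-rolled code; the point here is the order and independence of the checks.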
Keeper’s zero-knowledge password management and security platform provides organizations the total visibility and control over employee password practices that they need to successfully implement a zero-trust security model. IT administrators can monitor and control password use across the entire organization, both remote and on-prem, and set up and enforce 2FA, RBAC and least-privilege access.