Healthcare remains the industry most targeted by ransomware attacks, which spiked in the third quarter of 2018, according to the latest data from specialist insurer Beazley.
Ransom demands in the most sophisticated type of breaches also increased in the third quarter. Demands jumped to as much as $2.8 million in cases where criminals either targeted an organization or, upon obtaining access, discovered that they had more leverage and therefore increased the ransom demand.
Hackers have also been adding pressure on victims to pay the ransom by conducting reconnaissance on their network and compromising backups before deploying the encrypting malware.
While ransom demands have grown to seven figures in extreme cases, these remain rare and the median demand stands at $10,000 in 2018. This is significantly higher than the average of $1,000 reported in Beazley's October 2016 Breach Insights.
In the first three quarters of 2018, 71 percent of ransomware incidents handled by Beazley were for small and medium-sized businesses.
There are likely several explanations for the high percentage. Larger companies often have more resources to put better controls in place to prevent most ransomware from coming in or spreading throughout the network.
In addition, smaller companies are less likely to have properly segmented their backups, resulting in a higher likelihood of paying the ransom to get back up and running. Also, larger companies may have viewed the WannaCry and NotPetya worldwide attacks as wake-up calls and implemented better system patching protocols, judged Beazley.
“The complexity of different forms of ransomware and its capacity to stop business in its tracks frustrates organizations’ abilities to tackle these issues,” said BBR Services head Katherine Keefe.
“Unfortunately, it is often smaller businesses that are most vulnerable to attack by cyber criminals as they frequently lack the resources and protocols of larger firms. However, businesses of all sizes need to ensure their IT employees are aware of the risks through up-to-date training and implementation of cyber security measures.”
Criminals are employing a range of ransomware variants, including Dharma, GandCrab, Ryuk, and BitPaymer, that spread in different ways, explained Beazley.
Dharma appears to be launched manually after the criminal exploits remote desktop protocols. GandCrab has been spread through malvertising that directs a user to a site infected with an exploit kit, which then targets vulnerabilities in Adobe Flash Player or the Windows VBScript engine to install malware.
Ryuk and BitPaymer have been associated with the highest ransom demands. BitPaymer ransomware is appearing on systems that have also been infected with banking Trojans.
In July, US-CERT issued a warning about Emotet, which is spread through phishing and possesses capabilities to download other malware. Researchers at Palo Alto Networks have described Trickbot working in concert with Emotet to spread malware.
In addition, Beazley found that accidental disclosure is the leading cause of data breaches in healthcare despite an 11 percent drop from the same time in 2017. Hacking or malware increased from 20 percent to 30 percent of healthcare data breaches in the course of a year.
Across industries, the top causes of data breaches in 2018 were reversed from healthcare: hacking or malware attacks were the leading cause (47 percent of data breaches), followed by accidental disclosure (20 percent). Hacking or malware, which also includes ransomware, was up 11 percent compared to the same period in 2017.
Business email compromise incidents continued to rise, more than doubling in the first nine months of 2018 compared to the same period in 2017. The attacks were broadly distributed across industry sectors, including healthcare, financial services, professional services, and higher education.