Ransomware Demands, Data Leaks Skyrocketed Last Year

February 15, 2022 - In its annual threat report, CrowdStrike observed an 82 percent increase in data leaks resulting from ransomware in 2021. CrowdStrike researchers tracked more than 50 targeted ransomware events per week on average.

In addition, the report found that the average ransom demand increased to $6.1 million in 2021, signifying a 36 percent spike compared to 2020. The findings bolstered those of other recent reports and underscored the growing threat of ransomware and data breaches across all sectors.

The healthcare sector ranked sixth in the number of ransomware-based data leaks, jumping from 94 in 2020 to 154 in 2021. Overall, every sector analyzed saw significant increases in cyber threats throughout the last year compared to 2020.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a report that revealed that 14 of the 16 critical infrastructure sectors were targeted in ransomware attacks last year, further solidifying the grim nature of today’s cyber threat landscape.

“Cybercriminals have become more sophisticated and also more opportunistic, exploiting zero-day vulnerabilities and architectural limitations inherent in legacy technology that is prevalent across the healthcare sector,” Adam Meyers, CrowdStrike’s senior vice president of intelligence, told HealthITSecurity.

CrowdStrike outlined numerous new tactics, techniques, and procedures (TTPs) used by threat actors in 2021 that allowed them to exploit thousands of organizations successfully. Threat actors are quickly finding innovative ways to deploy cyberattacks and adapt to the increasingly sophisticated security programs that organizations are investing in.

“For example, adversaries such as BITWISE SPIDER avoided using publicly available exfiltration tools by developing their own,” the report stated.

“Another major development was increased data theft and extortion without the use of ransomware, leading to the establishment of new marketplaces dedicated to advertising and selling victim data.”

The report tracked an uptick in Iran-based adversaries and China-nexus actors, the latter of which emerged as the leader in vulnerability exploitation. Researchers also observed threat actors gravitating toward exploiting stolen user credentials to bypass legacy security solutions. In fact, 62 percent of all detections indexed in the fourth quarter of 2021 were malware-free.

Legacy systems are highly vulnerable to exploitation, Meyers stressed.

“Additionally, the personally identifiable information stored within these systems is extremely valuable to adversaries looking for a payday,” Meyers said.

“A recent example is Hive ransomware, which targeted healthcare organizations among others, infiltrated networks by disabling antivirus software and destroying backup systems, then encrypting files and folders.”

Hive ransomware claimed responsibility for numerous high-profile cyberattacks, including one aimed at Memorial Health System in August 2021, resulting in appointment cancellations, EHR downtime, and emergency room diversions.

“To help mitigate these types of attacks, I generally recommend the following areas of focus – enhance your cyber hygiene, establish threat hunting and threat intelligence programs, implement next-generation antivirus capabilities and run tabletop exercises,” Meyers advised.

“Bottom line, there is a reason why the healthcare sector had the sixth most data leaks of any sector within the 2022 Global Threat Report findings. Integrating these steps will help the healthcare sector strengthen its overall cyber posture.”