2021 Had Sharp Increase in Ransomware Data Leaks and Higher Ransom Demands

According to the annual threat report published by CrowdStrike, data leaks following ransomware attacks rose sharply in 2021, increasing by 82% over 2020. There were 2,686 ransomware attacks reported in 2021, compared to 1,474 in 2020, which works out to more than 50 ransomware attacks per week in 2021.

Ransomware gangs also demanded higher ransom amounts in 2021, up 36% compared to 2020. On average, the ransom demand in 2021 was $6.1 million. The healthcare sector was heavily targeted by ransomware groups in 2021, even though a number of threat actors had claimed they would not carry out attacks on healthcare providers. CrowdStrike found 154 ransomware attacks on healthcare companies in 2021, up from 94 in 2020. Healthcare ranked 6th out of all industry sectors for data leaks; it was 4th in 2020.

CrowdStrike stated the threat landscape became much more crowded in 2021, with many new adversaries emerging, including threat actors from countries that had not previously been substantially involved in cyberattacks, such as Turkey and Colombia. CrowdStrike identified 21 new adversaries in 2021, with a substantial increase in Iran-nexus and China-nexus threat actors.

The threat group known as Wizard Spider was one of the most prolific ransomware actors in 2021. Carbon Spider concentrated on big game hunting, Cozy Bear focused on targeting cloud environments, Prophet Spider used the Log4j exploit to collect credentials from internet-facing workspace services, and Aquatic Panda also focused on the Log4j vulnerability, employing the Log4Shell exploit to achieve remote code execution on victims’ networks.

Iran-nexus actors made broad use of lock-and-leak tactics. Russian threat actors increasingly targeted cloud environments. China-nexus threat actors concentrated on exploiting newly disclosed vulnerabilities. CrowdStrike noted a sixfold growth in vulnerability exploitation in 2021, with ten named adversaries or activity groups engaged in those attacks. Chinese threat actors exploited only 2 vulnerabilities in 2020 but 12 in 2021.

Since 2020, ransomware gangs have been exfiltrating sensitive information prior to encrypting files and using double extortion tactics on their victims. Victims are pressured to pay a ransom both for the keys to decrypt their data and to prevent the stolen data from being published on data leak sites. Although ransomware attacks were prevalent, there was also growth in data theft and extortion that did not involve ransomware at all, and a thriving market for selling stolen records on hacking forums and darknet sites.

Malware has traditionally been used in cyberattacks, but attackers are increasingly avoiding it, instead using legitimate credentials to gain access to networks and then relying on living-off-the-land techniques, in which existing system tools are used in place of malware to evade security solutions. In 2021, only 38% of cyberattacks involved malware; the remaining 62% were malware-free.

CrowdStrike expects cloud-related threats to become more common and to evolve in 2022 as threat actors pick targets that give direct access to large, consolidated stores of high-value information. Threat actors are also likely to diversify their toolsets to include mobile malware in 2022, and it is very likely that adversaries will continue to look for weaknesses in the platforms used by their targets in 2022.

To counter these threats, CrowdStrike advises researching the adversaries known to target your sector, as this allows you to better prepare for their attacks. It is important to protect all workloads and to have an established response plan so that immediate action can be taken in the event of an attack. The speed of the response often determines whether mitigations succeed or fail.

Cloud misconfigurations are frequently exploited to gain access to large data stores. One way to reduce the risk of human error is to provision new accounts and infrastructure using default patterns. While it is crucial to implement technical measures to detect and block intrusions, it is equally essential to invest in user awareness programs, as end users can play a vital role in preventing data breaches, particularly by recognizing and reporting social engineering and phishing attacks.