Cybercrime is a growing, highly successful and profitable industry. According to analysts, cybercrime costs will grow by 15 percent per year to reach $10.5 trillion by 2025: the third greatest “economy” in the world, after those of the United States and China.
A big part of this is ransomware: multi-pronged attacks that capture an organization’s data and systems. Since the start of the COVID-19 pandemic, ransomware attacks have increased by nearly 500 percent.
The average ransom payment has also continued to climb, up 43 percent from the last quarter of 2020 to an average of over $200,000. What is especially insidious about these attacks is that a ransom demand is often accompanied by a breach and extraction of company data, and a concurrent extortion threatening to release this data unless additional payments are made.
In the first quarter of 2021, over three-quarters of ransomware attacks were tied to such a threat.
Criminals have also evolved to become increasingly systemic. The recent attack on Colonial Pipeline by the hacker collective DarkSide exemplifies this. Like their state-sponsored counterparts, criminal collectives have created virtual organizations and enacted focused strategies targeting specific sectors and companies. They have infinite resources, skills and patience. They are playing a long game where targets are identified, carefully reconnoitered and only acted upon when the maximum value can be extracted.
CNA Financial was attacked in late March, and paid a ransom of $40 million — one of the biggest payments on record. The hackers were apparently interested in obtaining access to CNA’s client database not only to blackmail the company itself, but also to find clients that had purchased cyber insurance with a ransomware payment rider, and so identify the most lucrative targets. DarkSide is also selling ransomware packs to other hackers — Ransomware-as-a-Service (RaaS) is becoming a growing profit center.
Legislators have, predictably, responded to these attacks. U.S. President Joe Biden has directed federal agencies to bring all of their resources to bear on dealing with digital disruptions. The Department of Homeland Security is developing a set of mandatory rules for how pipelines, and likely other infrastructure providers, will need to safeguard their assets.
Ransomware is focused on compromising backups and corrupting data across central file services. With ransomware evading traditional security controls, continuously monitoring threat indicators in your ONTAP environment has never been of greater importance. On average, ransomware attacks start weeks before any encryption is seen, and ProLion is always watching to help you take action before damage is done. Downtime is our enemy, and we are determined to keep ONTAP customers always-on.