{"id":280588,"date":"2021-06-22T11:54:35","date_gmt":"2021-06-22T08:54:35","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/why-is-ransomware-on-the-rise\/"},"modified":"2021-06-22T11:54:35","modified_gmt":"2021-06-22T08:54:35","slug":"why-is-ransomware-on-the-rise","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/why-is-ransomware-on-the-rise\/","title":{"rendered":"#Why is ransomware on the rise?"},"content":{"rendered":"<p>&#8220;<strong>#Why is ransomware on the rise?<\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/img-cdn.tnwcdn.com\/image?fit=796%2C417&amp;url=https%3A%2F%2Fcdn0.tnwcdn.com%2Fwp-content%2Fblogs.dir%2F1%2Ffiles%2F2021%2F06%2FCyber-Crime-Ransomware-Hacker-black-hat-Security-hed.jpg&amp;signature=c3fc5cac5f5ee58458e5894ef704e6db\" \/><\/p>\n<div>Two high-profile cyberattacks on critical infrastructure companies over the past month have shone what experts say is a much-needed spotlight on the rising threat of ransomware.<\/p>\n<p>An attack against Colonial Pipeline in May forced the company to temporarily shut down 5,500\u00a0miles of pipeline that it said supplies nearly 45\u00a0percent of the East Coast\u2019s fuel. Colonial eventually paid the extortionists\u2014a group known as DarkSide\u2014nearly <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nytimes.com\/2021\/05\/13\/us\/politics\/biden-colonial-pipeline-ransomware.html\">$5\u00a0million<\/a> in Bitcoin. The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.justice.gov\/opa\/pr\/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside\">FBI has since recovered<\/a> roughly half of the ransom.
Colonial confirmed the attack and <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.colpipe.com\/news\/press-releases\/colonial-pipeline-company-ceo-issues-statement-following-announcement-by-u-s-department-of-justice-on-recovery-of-cryptocurrency-funds\">thanked the FBI for its efforts<\/a> in a statement.<\/p>\n<p>Just weeks later, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.nbcnews.com\/tech\/security\/meat-supplier-jbs-paid-ransomware-hackers-11-million-n1270271\">another ransomware attack<\/a>, credited to the group REvil, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/jbsfoodsgroup.com\/articles\/jbs-usa-cyberattack-media-statement-june-9\">struck JBS<\/a>, the world\u2019s largest meat supplier, forcing the company to close plants across the U.S. and Australia and pay approximately $11\u00a0million in ransom.<\/p>\n<p>(The values of the ransoms referenced in this story have changed over the course of the media\u2019s coverage of the incidents because they were paid in Bitcoin, a highly volatile cryptocurrency.)<\/p>\n<p>Ransomware is a type of malicious software, or malware, that encrypts files on a computer or network and holds them hostage until the owner pays the attacker the requested fee.
It\u2019s an old racket\u2014what\u2019s widely considered to be the first example of ransomware came in 1989, when malware was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.zdnet.com\/article\/30-years-of-ransomware-how-one-bizarre-attack-laid-the-foundations-for-the-malware-taking-over-the-world\/\">delivered via floppy discs<\/a> to attendees at a World Health Organization AIDS conference.<\/p>\n<p>So in some respects, the attacks against Colonial Pipeline and JBS are nothing new. Thousands of companies are targeted by ransomware each year, and many end up paying to recover their data. But cybersecurity researchers say these two attacks are indicative of how the ransomware threat is morphing\u2014driven by a combination of economic factors and years of corporate secrecy and inaction.<\/p>\n<p>\u201cAmericans, I think for the first time at the actual consumer level, saw the impact of these ransomware attacks,\u201d said Adam Meyers, vice president of intelligence for cybersecurity firm CrowdStrike. \u201cOrganizations can\u2019t stick their heads in the sand and hope this is going away. They need to invest and start taking this seriously.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Is_Ransomware_on_the_Rise\"><\/span><strong>Is Ransomware on the Rise?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Certainly, the companies that make money from selling cybersecurity services report a rise in ransomware.<\/p>\n<p>The cybersecurity firm SonicWall detected <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.sonicwall.com\/medialibrary\/en\/white-paper\/2021-cyber-threat-report.pdf\">more than 304\u00a0million<\/a> attempted ransomware attacks in 2020, a 62\u00a0percent increase over 2019. 
During the first five months of this year, the company tracked a 116\u00a0percent increase in ransomware attempts compared to the same period in 2020, and the 62.3\u00a0million attacks it detected this May were the most it has ever recorded in a single month, said Dmitriy Ayrapetov, vice president of platform architecture for SonicWall.<\/p>\n<p>Most of those attacks are likely aimed at victims of opportunity\u2014the perpetrator may send out waves of phishing emails at random hoping for just one or two victims to take the bait. But targeted attacks against corporations and government entities are also on the rise, Meyers and other cybersecurity researchers said.<\/p>\n<p>CrowdStrike <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/go.crowdstrike.com\/rs\/281-OBQ-266\/images\/Report2021GTR.pdf\">monitors organized criminal groups<\/a> that are more intentional in selecting their targets, what the company calls \u201cbig game hunters.\u201d In 2020, the firm recorded at least 1,377\u00a0big game hunter infections. So far in 2021, CrowdStrike has recorded 1,024 such attacks, Meyers said, with an average ransom demand of $5.6\u00a0million.<\/p>\n<p>But it\u2019s hard to truly quantify the number of attacks, the type of targets, and the damage done. There\u2019s no comprehensive data source for ransomware attacks. The data we do have is either self-reported (and many companies and individuals don\u2019t report) or comes from cybersecurity firms that profit by selling protections against attacks and are therefore keen to publish reports demonstrating the severity of the situation.<\/p>\n<p>The FBI requests that organizations affected by ransomware report incidents so that the agency can better piece together trends.
The agency\u2019s numbers actually show a decline in incidents but a rapid rise in damages. In 2016, there were 2,673 self-reported incidents resulting in $2.4\u00a0million in adjusted losses, according to the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ic3.gov\/Home\/AnnualReports\">FBI\u2019s annual data<\/a>. That dropped to 1,783\u00a0incidents causing $2.3\u00a0million in losses in 2017, then 1,493\u00a0incidents causing $3.6\u00a0million in losses in 2018. In 2019, there were 2,047 reported incidents and $8.9\u00a0million in losses, and in 2020 the FBI recorded 2,474 incidents and $29.1\u00a0million in losses.<\/p>\n<p>The FBI\u2019s numbers are almost certainly vast undercounts because many businesses decide not to publicly disclose successful ransomware attacks in order to protect their reputations with shareholders and customers.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Why_Is_Ransomware_on_the_Rise\"><\/span><strong>Why Is Ransomware on the Rise?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The pandemic certainly increased many organizations\u2019 vulnerability to ransomware, experts said. 
Especially during the early days of work from home, when many employees were forced to use their own equipment, company and government systems were being accessed on personal computers that were also used for any number of other potentially risky activities, from playing online games to surfing the web.<\/p>\n<p>The rising value of Bitcoin, cyber criminals\u2019 preferred form of payment, over the last year has also added to the attractiveness of ransomware.<\/p>\n<p>But there are two changes within the ransomware industry\u2014because that\u2019s what it is now\u2014that experts say have been driving the increase in attacks since before the pandemic.<\/p>\n<p>\u201cOne of the causes of the recent increases we\u2019re seeing in ransomware is that they\u2019ve pivoted,\u201d said Darren Shou, the chief technology officer for NortonLifeLock. \u201cInstead of just being a threat where they lock down access to your data, now there\u2019s a dual-threat where if you don\u2019t pay that ransom they threaten to release your data.\u201d<\/p>\n<p>The Babuk ransomware group recently targeted Washington, D.C.\u2019s Metropolitan Police Department with this type of attack. After the department declined to pay the requested $4\u00a0million ransom (it did allegedly <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.vice.com\/en\/article\/5dbgbk\/washington-dc-police-allegedly-offered-dollar100000-to-hackers-to-stop-leak\">offer to pay<\/a> $100,000), the group published hundreds of embarrassing pages from MPD officers\u2019 background investigations. The added threat of embarrassment and liability from having sensitive data published increases the potential financial pain for victims, making them more likely to pay ransoms.
The more ransoms get paid, the more likely ransomware attacks become.<\/p>\n<p>The second major change is the emergence of \u201cransomware as a service,\u201d or RaaS. In addition to launching their own attacks, the most sophisticated ransomware groups are increasingly offering to sell their tools to aspiring criminals as a bundle, providing not just the malware but also the phishing operation, payment platform, and premade data leak site.<\/p>\n<p>The Colonial Pipeline attack perpetrated by DarkSide appears to have been an RaaS operation. Following the immediate flurry of news about the pipeline\u2019s shutdown, which brought unwanted attention to the group, DarkSide <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.vice.com\/en\/article\/bvzzez\/colonial-pipeline-hackers-statement-darkside\">published a statement<\/a> on its website (on the dark web) saying \u201cfrom today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.\u201d<\/p>\n<p>\u201c[RaaS] really lowers the barrier of entry into this business,\u201d Ayrapetov said. \u201cIt\u2019s a natural kind of evolution of a business model, and you get more scale that way.
As this scales, there are more players who might be more reckless.\u201d<\/p>\n<h2><span class=\"ez-toc-section\" id=\"What_Can_Be_Done\"><\/span><strong>What Can Be Done?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Cybersecurity experts say the solutions are widely known\u2014they\u2019re just not widely implemented.<\/p>\n<p>Organizations need to educate their employees about phishing and social engineering attacks, but there are also some technical and infrastructure changes that can make a big difference, experts said.<\/p>\n<p>Not everyone needs to have administrator access to their own computer, and organizations should segment their networks to ensure employees can only access the parts they need for their jobs.<\/p>\n<p>On top of that, companies should maintain air-gapped copies of their data\u2014regularly updated backups that aren\u2019t connected to the network and are therefore immune to ransomware encryption. They should also be using multifactor authentication and ensuring that they\u2019re implementing software patches as soon as the patches are released.<\/p>\n<p>Some of the economic factors spurring ransomware fears\u2014including the insurance industry that profits from them\u2014have also led to more controversial proposals.<\/p>\n<p>The Government Accountability Office <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.gao.gov\/products\/gao-21-477\">reported<\/a> that the percentage of companies paying for cyber insurance nearly doubled from 2016 to 2020. 
And as attacks and ransom demands increased, the premiums for those plans went up by as much as 30\u00a0percent between 2017 and 2020, while the amount those insurers promised to cover in damages for some sectors went down.<\/p>\n<p>Adam Wandt, a professor at John Jay College of Criminal Justice who researches cybercrime, said the security blanket of cyber insurance has convinced some organizations they don\u2019t need to implement the human and technical changes necessary to stop ransomware attacks, and that the only real long-term answer is for governments to pass laws banning organizations from paying ransoms for certain kinds of data.<\/p>\n<p>The FBI already urges organizations not to pay, but in some cases not paying means going out of business.<\/p>\n<p>\u201cRansoms should never be paid and those that do should understand the damage they\u2019re causing to our society for their own benefit and gain,\u201d Wandt said, acknowledging that such laws could initially be devastating to victims. \u201cPaying the ransom will lead to nothing more than more attacks on our critical infrastructure.\u201d<\/p>\n<p><em>This article by Todd Feathers was <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/themarkup.org\/ask-the-markup\/2021\/06\/15\/why-is-ransomware-on-the-rise\">originally published on The Markup<\/a> and was republished under the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/\">Creative Commons Attribution-NonCommercial-NoDerivatives<\/a><a rel=\"nofollow noopener\" target=\"_blank\"> license.<\/a><\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/thenextweb.com\/news\/why-ransomware-on-the-rise-syndication\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Why is ransomware on the rise?&#8221; Two high-profile cyberattacks on critical infrastructure companies over the past month have shone what experts say is a much-needed spotlight on the rising threat of ransomware.
An attack against Colonial Pipeline in May forced the company to temporarily shut down 5,500\u00a0miles of pipeline that it said supplies nearly 45\u00a0percent&#8230;<\/p>\n","protected":false},"author":1,"featured_media":280589,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img-cdn.tnwcdn.com\/image\/tnw?filter_last=1&fit=1280,640&url=https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2021\/06\/Cyber-Crime-Ransomware-Hacker-black-hat-Security-hed.jpg&signature=3e74542e30440021d0c0df48b10593e2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-280588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/280588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=280588"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/280588\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/280589"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=280588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=280588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=280588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}