Comparing 2022 and 2023 in terms of ransomware attacks and reported incidents, we unfortunately see an upward trend. According to multiple sources, in 2022, a total of ~236 million ransomware attacks were reported. However, in the first three quarters of 2023, we have already recorded more cyber intrusion attempts than in all of 2022. In the first quarter of 2023, ~51 million attacks were recorded. The number increased significantly in the second quarter, which recorded ~89 million. Although there are no official statistics for the third quarter yet, we know one thing – the number is constantly growing and becoming more frightening.
Terrifying statistics, isn’t it? They underscore the growing threat from ransomware and the importance of robust cyber security measures. We are seeing new techniques to protect against the attacks themselves related to new hacker tactics and new ransomware families. That’s why it’s also increasingly important to focus on protecting against the consequences of ransomware to minimize the possibility of downtime, as well as loss of reputation, money, and, most importantly – data, which can even lead to bankruptcy.
What’s even worse, Sophos asserted that only 65% of the surveyed organizations were able to restore their data after paying the ransom in 2022. So not only do companies face huge financial losses, but on top of that – they are not even guaranteed they’ll recover their mission-critical data after paying this tremendous amount of money.
Home office employees, often lacking network security, also became easy targets for data breaches, with over half of the attacks originating from simple phishing emails. This issue affects all, from individuals to large corporations.
Cyber warfare and global safety
The escalating Russia-Ukraine and Israel-Palestine wars have led to increased cybersecurity risks. Military cyber units’ actions against the enemies affect electronic communications, including email, phone calls, and social media, which of course, also affects any company still operating during a horrific time of war.
These conflicts have highlighted the importance of robust cybersecurity measures for businesses and organizations, especially those operating remotely or from home offices. It’s crucial to stay vigilant and ensure that appropriate security protocols are in place to protect against these increasing cyber threats. It’s likely to affect the companies that are partners or customers of these attack victims, which may lead to crucial business processes interruptions.
LockBit has admitted to attacking Japanese manufacturer Shimano. The group claims to have seized 4.5 TB of confidential data. The data included sensitive employee information, financial documents, customer databases, lab tests, and contracts. Shimano was given a condition of three days to pay the ransom before publishing all the data. The ransom demand note included a threat from LockBit that read: “If you don’t pay the ransom, we will attack your company again in the future.” Some of the data has already been published by LockBit.
Coca-Cola FEMSA was the victim of “TheSnake,” who posted stolen data on a popular hacking site. They allegedly obtained the organization’s database, including “full company information,” confidential photos and files, passwords, financial documents, supplier data, and employee information. In exchange for the removal of the files, $12 million was demanded. Coca-Cola decided to “negotiate a fair agreement”. According to TheSnake, the company did pay them $1.5 million not to leak those files. Some remain locked and are for sale on the dark web for $65,000.
The Ransomed group admitted to attacking Sony, but did not offer the organization the opportunity to pay the ransom. Instead, they put its loot up for sale! The seized data disclosed by the group contained merely 2 MB of data, including a PowerPoint presentation, some Java source code files and other resources. However, the hackers claim to steal 260 GB of data during the attack, which they valued at $2.5 million. Ransomed’s claims were contradicted by other groups who also said they were behind the attack. A Sony Corporation representative stated that they are looking into the situation and declined to comment further.
Wisconsin-based Cadre Services, a provider of employment and staffing services, has been added to the BlackCat website, where hackers claim to have seized 100 GB of its files. Information on job seekers, employees, top management, financial data, and a trove of porn from the CFO’s computer were part of the data. The ransom was $300,000. The company made $25,000 and $35,000 offers through a negotiator, but they were not accepted. BlackCat proceeded to release some of the data, including a folder that had 4,400 files with personal data and identities of job seekers.
How to avoid a ransomware attack?
Talking about safety measures – there’s no such thing as enough security tips, so we’ve listed some of the cybersecurity must-haves for all to be remembered at all times:
Never click unsafe or unknown links.
Use multi-factor authentication.
Don’t share personal information.
Don’t use unknown USB sticks.
Keep your systems and apps up to date.
Never download software or media files from unknown sites.
Use VPN services on public Wi-Fi networks.
What about safety measures within businesses? Of course, apart from the safety measures listed above, you can, for instance, give users only the bare minimum privileges needed to do their jobs, purchase a cybersecurity insurance policy, invest in file activity monitoring (FAM) solutions, and/or use endpoint detection and response (EDR) and extended detection and response (XDR) tools.
Plus, the most important – train your employees! Provide your staff with cybersecurity workshops, present them with all the benefits of following the proper cyber hygiene and teach them how to detect potential dangers.
Now take a look at the essential tip left for the very end to highlight its importance to the maximum. So ….
BACKUP! BACK UP YOUR DATA!
Always back up your data to external devices or off-site locations. Take backups seriously by not only copying your data daily but also keeping some critical ones in other locations and disconnected from your primary network. This way, they’ll definitely be much less vulnerable to a ransomware attack. Why is external backup so important?
In the unfortunate case of a ransomware attack, decryption is no longer possible. Data backup protects you from the obnoxious consequences of a ransomware attack due to the fact that if you keep a backup in the event of an attack and are still able to prevent the malware from reaching and encrypting it too. This way, companies and organizations guarantee a safe and easy way to recover the data. Not being forced to pay the ransom.
Handle the worst-case scenario with backups with Open-E JovianDSS
Open-E JovianDSS is a ZFS- and Linux-based data storage software that contains the On- & Off-site Data Protection feature that is designed especially for backup. The feature allows users to back up and restore crucial company data in case of an unexpected disaster by creating consistent read-only snapshots and thanks to asynchronous snapshot replication to local and/or remote locations. Due to the fact that snapshots are read-only and thus cannot be encrypted, the backup server can stay online all the time. Replication tasks in turn, can be well-organized according to advanced retention plans, which control the creation and deletion of snapshots both on the source device and the backup one.
With Open-E JovianDSS On-&Off-site Data Protection, you can create an unlimited number of consistent snapshots of basically everything, including databases or virtual machines, with all the applications saved. This feature provides instant access to all data, which is a quick way to roll back to the state before a ransomware attack. So, why tempt fate by not having a backup solution if you can rest assured your data is actually safe?
See it yourself – Rollback from WannaCry Ransomware
Want to see how to prevent the ransomware consequences with a single data storage solution? There you go, we’ve prepared a manual of how to do it in just a few simple steps, based on Open-E JovianDSS data storage software.
Ransomware Attacks Archive
To show you the scale of ransomware attacks over the years and to highlight the perspective of how many enterprise companies face this problem, we decided to also include an archive of attacks from previous years. Be aware and stay safe!
On February 23rd, Nvidia was attacked by a cyber gang Lapsus$ who threatened to publish 1TB worth of data demanding a $1 million ransom. The data included employee details and crucial company data. As a result of this attack, the company went offline for two days. Luckily Nvidia handled the situation pretty well, and, what is more, some say they have hacked the hackers back. Even if not confirmed, it still sounds like a pretty interesting weapon to fight cyber gangs.
Another example is the case of the Costa Rica Government. This might have been the most spoken-of ransomware attack this year due to the fact that it was the first time ever that a country was forced to declare a state of national emergency. First, the Costa Rican government was threatened by a group Conti to pay $10 million, which soon increased to $20 million, and later another group attacked the country. In general, the social security fund, ministry of finance, and healthcare systems were deeply crippled
Next, Puma, a sports manufacturer, reported data breach issues after a ransomware attack at Kronos (one of Puma’s solutions providers). The original Kronos attack happened in 2021 during which the personal information of over 6,632 employees was stolen.
The biggest ransomware attack was reported in Bernalillo County, New Mexico, which took not only a number of county departments and government offices offline, but also the county jail. Because the malware affected the CCTV and automatic doors in the Metropolitan Detention Center, inmates couldn’t leave their cells. The situation could have turned into a possible violation of settlement agreements and ended up with much harsher consequences.