Why are ransomware attacks on the rise in Atlanta and North Georgia? Centerpoint IT shares their insights into this growing issue.
Make no mistake – the world is currently experiencing a digital pandemic of increasingly complex ransomware attacks.
The year 2020 was arguably the toughest. For one, the pandemic wreaked havoc on communities and businesses globally. Then, along with the COVID-19 restrictions and work-from-home regulations came ransomware attacks that have been a nightmare for both public and private organizations.
Already 2021 has seen a dramatic spike in these cyber incidents. The recent spate of attacks has disrupted vital food supply chains, crippled critical infrastructure in the U.S., and revealed that no entity, small or established, is spared from the stealthy cyberattacks.
These attacks succeed the same way most other cybersecurity breaches do. The malware mostly takes root in organization networks with legacy systems or those without the latest software updates and patches. Users who don’t hesitate to open email links contribute as well. It’s this malware that serves as the ransomware attack entry point.
In other cases, threat actors force their way into systems through publicly exposed interfaces. The Colonial Pipeline incident is one such attack, in which the criminals used various publicly exposed services. Most likely, they leveraged the organization’s unpatched Microsoft Exchange servers.
Cyberattacks are the greatest threat to business organizations in Atlanta and globally, and ransomware is among the most significant concerns for humankind. The impact of this universal threat is vividly reflected in the numbers.
The City of Atlanta recently experienced a ransomware attack that destabilized operations in the municipality, and it had to spend over $2.6 million on emergency response activities. In addition, the attackers requested a bitcoin ransom worth about $50,000.
Other notable incidents globally include:
Even giant tech companies aren’t spared. Electronic hardware provider Acer also fell victim to a ransomware attack that cost them $50 million in ransom.
These are only a few instances of reported successful ransomware attacks. Notably, numerous such cyberattacks go unreported, so the available information is just the tip of the iceberg.
The coronavirus epidemic certainly made most organizations vulnerable to ransomware. This was evident during the rapid global digital migration and work-from-home regulations where staff had to use their own devices. Workers accessed government and company systems from personal gadgets that served various potentially risky functions, from surfing the web to playing online games.
Another reason for the enormous spike in ransomware attacks is the increased value of cryptocurrency. Bitcoin is the cybercriminals’ most attractive means of payment, and ransomware groups prefer its discretion.
But the ransomware industry has experienced two key transformations that have been driving the increase in cyber incidents even before the pandemic situation.
These Attacks Have Pivoted
Initially, ransomware was a threat in which hackers prevented you from accessing your data. Nowadays, it’s a dual threat: they also threaten to release the data if the victim fails to pay the ransom.
A ransomware group recently targeted the Metropolitan Police Department in Washington D.C. with this attack. The department was requested to pay $4 million but declined to make the payment even after allegedly offering to pay $100,000. As a result, the group went ahead and published embarrassing pages on the department’s background investigations.
The additional liability and damaged reputation of having sensitive data published increase victims’ potential financial pain. This further increases their likelihood of paying the demanded ransom. The more organizations pay the ransom, the more prevalent the attack becomes.
Emergence of Ransomware-as-a-Service
Besides launching their own attacks, sophisticated ransomware groups are now offering their services to aspiring cybercriminals as a bundle. The package comprises malware, a phishing operation, a premade data leak site, and a payment platform.
DarkSide’s attack on the Colonial Pipeline gives several indications of a RaaS operation. First, there was an immediate news flurry about the shutdown, which attracted unwanted attention. As a result, the group published a statement stating that they’ll introduce moderation to verify each company their partners are targeting to avoid any similar social consequences.
RaaS substantially lowers entry barriers into the business, which is likely to attract more reckless players to the business model.
While you cannot eliminate the cyber threat, several practices could protect you from falling victim and from exorbitant ransom payments. Here are the most critical ones:
Ransomware incidents have been on the rise amid the recent health epidemic. Targeting organizations of all types and sectors, ransomware has proven to be tremendously destructive. In just one day, criminals can cripple your ability to function, and the recovery efforts can be consuming. What’s more, paying the ransom will leave you with a damaged reputation and financial woes.
Fortunately, the above steps can reduce your Atlanta business’ vulnerability to this increasingly complex cyber threat. What’s more, a reliable cybersecurity expert like Centerpoint I.T. will help you maintain great cyber hygiene by training your staff and providing state-of-the-art cybersecurity solutions. So don’t hesitate to speak with us.