Ransomware attacks are not only becoming increasingly sophisticated - they're also targeting critical infrastructure and becoming more "professional," according to a recent report highlighting ransomware attacks that took place last year.
The Joint Cybersecurity Advisory - coauthored by authorities in the United States, United Kingdom and Australia - found an "increase in sophisticated, high-impact ransomware incidents against critical infrastructure" last year. The advisory noted 14 of the 16 critical infrastructure sectors in the U.S., including defense and emergency services, were targeted in 2021. Critical infrastructure targets in Australia included the medical and energy sectors.
Attacks Becoming More "Professional"
According to the advisory, the three most common forms of ransomware attacks last year were phishing attacks, attacks involving stolen remote desktop protocols (RDPs) and brute force attacks.
Interestingly, the advisory noted ransomware attacks became increasingly "professional" last year with a rise in cybercriminal services for hire. Authorities noticed increased use of ransomware-as-a-service (RaaS), as well as more attackers hiring third parties to negotiate payments with victims and assist victims in making payments - and to arbitrate payment disputes between cybercriminals.
The U.K.'s National Cyber Security Centre found that some attackers made a 24/7 help centre available to victims in order to facilitate ransom payments.
Attackers Using "Triple Extortion" Methods
The advisory also noted that attackers are increasingly using "triple extortion" methods by threatening to publicly release victims' stolen information, disrupting victims' internet access and/or threatening to inform victims' shareholders, partners or suppliers of an attack.
Attacks Happening on Holidays and Weekends
Authorities in the U.S. noticed "increasingly impactful attacks" taking place on holidays and weekends throughout 2021. These were seen as attractive timeframes due to the lower number of network defenders and IT personnel working, the advisory noted.
Throughout the year, attackers also showed a preference for targeting cloud services infrastructure, managed service providers, industrial processes and the software supply chain. Targeting the software supply chain increases the scale of ransomware attacks by "accessing multiple victims through a single initial compromise," the advisory said.
How Can You Avoid an Attack?
Cybersecurity authorities throughout the U.S., U.K. and Australia warn that "if the ransomware criminal business model continues to yield financial returns for ransomware actors, ransomware incidents will become more frequent," the advisory noted.
There are several techniques to mitigate the risk of an attack, such as keeping operating systems and software up to date, securing and monitoring RDPs and implementing phishing exercises to educate staff on ransomware risks, among other measures identified in the advisory.
Although the attacks outlined in this blog happened outside of Canada, they are representative of the types of attacks we're seeing here. The MLT Aikins Privacy, Data Protection & Cybersecurity team has extensive experience helping clients develop effective strategies to prevent and respond to ransomware attacks. Download our cybersecurity checklist to assess your organization's current cybersecurity strategy.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.