Ransomware and Beyond series

How Ransomware Impacts the World Around Us

Ransomware is an ever-changing threat, and its impacts have grown both in seriousness and scale over the last few years. As we noted in our article on its origins, ransomware started out as a form of cyberattack that mainly targeted individuals. During this time, the leading type was locker ransomware, which operates by locking users out of their systems. Generally speaking, this type of ransomware was easy to overcome as it predated encryption and did not affect user data.

Everything changed in 2013. This was the year that crypto ransomware emerged, a sub-category which operates by encrypting user data. This, coupled with the rise of cryptocurrency like bitcoin, made it much easier and much more lucrative for attackers to focus on bigger targets, namely corporations.

In recent years, virtually every aspect of ransomware has ramped up. There are more types of ransomware, more gangs carrying out attacks, more attacks in general, and higher ransom fees being requested than ever before.

For businesses, ransomware is an impossible threat to ignore. IBM’s Cost of a Data Breach Report 2021 revealed that the average ransomware breach costs $4.62 million, an amount which only accounts for the costs of escalation, notification, lost business, and response. (The ransom fee is a whole other story.) This figure places ransomware attacks at the top of the list of most expensive security breaches in the threat landscape today—enough to seriously impact most corporations.

In this article, we’ll take a look at some of the most influential ransomware attacks and trends we’ve seen, how cybersecurity has changed to respond to this growing threat, and who’s commonly impacted by ransomware beyond the corporations that are now being targeted.

Ransomware’s rise

The different types of ransomware are growing in number every day. We covered the three most ubiquitous types in our article on the origins of ransomware, but more are active today than ever. (Security Scorecard outlined 10 of these in a recent blog post.)

There are three main groups deploying this ever-growing list of ransomware attacks: state-sponsored actors, digital criminal organizations, and security researchers. (We explore each in more detail in our ransomware origins article.) Of these groups, state-sponsored actors and digital criminal organizations pose the biggest threat to society at large.

We’ve seen just how damaging and effective these attacks can be in recent years. As Digital Guardian reports in their blog post titled, “A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time,” things really started to ramp up after the rise and fall of CryptoLocker in 2013. While that specific type of ransomware didn’t last long, many other types of crypto ransomware emerged in its wake, and over time, they started targeting banks, hospitals and other healthcare providers, and government entities.

The most influential ransomware attacks

The shift to targeting essential institutions, rather than individuals, is what really made ransomware the societal threat it is today. It also led to some of the biggest attacks to date.

Hospital and medical center attacks

Some of the biggest ransomware attacks have been carried out against hospitals and other medical centers. As Digital Guardian reports, one of the largest was carried out against Hollywood Presbyterian Medical Center in 2019, in which a ransom of $3.4 million was allegedly demanded (the company later contested this figure, reporting that they only paid $17,000 to get their systems back up and running).

Similar instances were reported elsewhere, with attacks at Kentucky Methodist Hospital, Chino Valley Medical Center, and Desert Valley Hospital occurring in the same month. Luckily, the targeted hospitals were able to restore their systems without paying the ransom, though the attack did cause a disruption that impacted operations for several days.

If nothing else, these attacks prove that no institution is considered out of bounds by today’s attackers. In fact, the more chaos an attack may cause—in these cases, compromising the ability to care for patients—the more likely attackers may elect to target that institution.

The Colonial Pipeline attack

As David Bisson wrote on our own blog, the Colonial Pipeline attack, which occurred in May 2021, was a game-changer for a number of reasons.

The first was the sheer chaos caused by the attack. The attack motivated the Colonial Pipeline Company to suspend its pipeline operations, which led to a fuel crisis along the US East Coast. As Bisson wrote, this crisis led to a period of “crazed” panic buying in some regions, which led to outages. One North Carolina gas station even filed a lawsuit against the Colonial Pipeline Company for the damages they incurred.

This attack also led the Transportation Security Administration (TSA) to release two Security Directives to help pipeline organizations better protect themselves and respond to ransomware threats. Bisson writes that the TSA’s first new directive “requires pipeline organizations to report digital security incidents to the Cybersecurity & Infrastructure Security Agency (CISA) as well as to appoint a Cybersecurity Coordinator who’s available 24/7.” It also necessitates that pipeline organizations “review their existing security measures and report any gaps within 30 days.”

Finally, this attack prompted President Biden to state that the US would respond if it continues to suffer ransomware attacks like the Colonial Pipeline attack. (More on that later.)

The Kaseya software supply chain attack

Another ransomware attack that made headlines this year was the Kaseya software supply chain attack. In that security event, attackers demanded an astounding $70 million in ransom for a universal decrypter.

Aside from the sheer absurdity of the amount requested in ransom, this attack was a big deal for a number of other reasons. As Matt Tait wrote on the Lawfare blog, the fact that this attack targeted an MSP and leveraged its software to deploy the malware automatically was particularly insidious: “A malware operator with access to automatic software delivery infrastructure has no incentive to keep the infections small.”

Tait went on to say that software supply chain security breaches stood out because of the so-called central conundrum of system security: “It’s not possible to defend the edges of a system without centralization… but this same centralization concentrates offensive action against a few single points of failure that, if breached, cause all of the edges to fail at once.”

Overall, this attack showed that supply chain attacks are different from others, and that new solutions are required to combat them.

How the rise of ransomware has shifted cybersecurity

The rise of ransomware and its growing list of victims has of course meant that cybersecurity measures have had to ramp up, as well.

In May 2021, President Biden released an Executive Order (E.O.) on “Improving the Nation’s Cybersecurity,” which, as Bisson wrote on our blog, aimed to secure the US federal government’s software supply chain. The E.O. goes on to say that “there is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.” Bisson notes that the E.O. points to a “broader effort to modernize the U.S. federal government’s cybersecurity.”

Looking at this example, it’s obvious that ransomware is front and center in terms of national—and even global—concerns. And while large, headline-making attacks highlight the large corporations and governmental bodies that are being targeted, it’s a problem that faces all businesses, big and small. In fact, according to Forbes, over half of today’s ransomware victims are small businesses. These entities end up bearing the brunt of attacks due to fewer resources and shallower pockets.

It will be interesting to see how the government continues to address the ever-present threat of ransomware, but it’s also comforting to know that there’s a great deal that organizations can do to protect themselves in the event of an attack. In later articles, we’ll go over how organizations can prevent ransomware, how to recover from ransomware attacks, and how teams can use tabletop exercises to test their ransomware response plans and thereby defend against worst-case scenarios.
