Home Ransomware report: The state of ransomware right now

Ransomware report: The state of ransomware right now


The No. 1 industry hit by ransomware

According to a recent analysis of 1,200 companies, the industry that’s most commonly hit by ransomware is: the construction industry. From major engineering groups to family-owned enterprises, construction firms can experience ransomware attacks that lead to major losses in funds and clients alike.

Within the construction industry, “siegeware”, which specifically targets smart building technologies, represents another growing threat. For construction firms, proactive cyber security frameworks, strategies and prevention measures are key.

Average ransomware payment

In the US, ransomware payments have surpassed previous numbers and are reported as totaling upwards of $6 million dollars. Of 742 cyber security experts interviewed, researchers discovered that the average ransom payment reached $6,312,190. And that was merely the average.

“While organizations are counting the costs of implementing generation V security, the ransomware cybercrime groups are counting the money,” says expert Micki Boland.

Exploit-as-a-Service and access to networks

To deliver an increased volume of attacks, some ransomware gangs are buying zero-day vulnerabilities. Cyber criminals can make even more money when they ‘lease’ these vulnerabilities to less sophisticated cyber criminals; a practice known as ‘exploit-as-a-service’.

Ransomware gangs are also purchasing access to corporate networks via underground forums. For ransomware attackers, buying network access is more efficient than breaking into networks themselves. Research indicates that shady sites offer network access to financial services groups, healthcare organizations, education-focused groups, and manufacturing enterprises.

The next ransomware variant: Yanluowang

If your security personnel maintain a list of ransomware variants to watch out for, consider adding “Yanluowang” to the list. Experts state that this ransomware is gradually establishing itself within the marketplace and has gained attention among cyber criminals.

Thus far, the majority of Yanluowang ransomware cases have stemmed from unpatched Microsoft Exchange servers of Internet Information Services (ISS) servers. Researchers have observed techniques and procedures (TTP) that overlap with those used by the Thieflock ransomware operation.

Preparing for new ransomware threats

Immunize your organization against ransomware. “You may not stop every cyber attack, but you can avoid the worst effects of security compromise if you have a plan,” says CISO Cindi Carter.

As 2022 approaches, it may be time to revisit your existing plan or to start the year with a fresh ransomware response plan. These resources can help:

“Ransomware should not affect you if you have a good prevention strategy in place” says CISO Pete Nicoletti.

Recovering from ransomware

Recovering from ransomware can be tough. Tools such as No More Ransom may offer reprieve, but you may need to call in the experts. From cyber security firms to federal law enforcement agencies, expert assistance can prove invaluable.

But a prevention-first strategy is best. Looking for more expert insights? Check out this article. Also, be sure to share this content with your colleagues, clients and prospects via our share buttons, below.