The volume of ransomware attacks was unprecedented in 2021. For instance, in the third quarter of the year, security researchers documented 190.4 million ransomware attempts. This volume made Q3 2021 the highest quarter ever recorded, reported Help Net Security. The period almost surpassed the 195.7 million ransomware attack attempts logged during the first nine months of the previous year.
The report predicted a total of 714 million ransomware attack attempts for all of 2021, a volume that would have marked a 134% year-over-year increase. Reflecting on these findings, most organizations in various sectors expect to become the target of a ransomware attack in the future. As noted by HealthITSecurity, more than half (57%) of those organizations attributed their viewpoint to the fact that ransomware actors have already targeted so many other organizations in the industry.
For example, 48% of IT managers at local government agencies, and 63% of central government respondents in a survey covered by StateScoop, said that they expected their employer to suffer a ransomware infection in the future. In another study, 63% of healthcare organizations revealed their belief that ransomware actors would target them at some point.
A Cybereason study, titled Ransomware Attacks and the True Cost to Business, found that 66% of organizations reported a significant loss of revenue following a ransomware attack, and 53% of organizations indicated that their brand and reputation were damaged as a result of a successful attack. These findings demonstrate that ransomware attacks pose a significant risk to a business’s viability.
Acknowledging the risk ransomware poses to business operations, organizations need to make sure that they can respond effectively to a ransomware attack to minimize impact to the business. Here are three things they can consider along the way:
The challenges associated with paying the ransom highlight an essential reality of ransomware response—namely, that it’s minimally effective when attackers are themselves prepared and intent on undermining organizations’ response efforts.
For example, Threatpost reported on a recently documented Conti ransomware variant that came with the capability to exfiltrate data from backups and then manually remove those backups. Ransomware gangs like Conti are embracing these tactics to force victims into a position where they’re more inclined to pay.
Simultaneously, paying the ransom rarely closes out a ransomware incident. In our report cited above, we learned that 80% of victims who paid a ransom ended up suffering another attack. About half (46%) of those respondents thought the same attackers had chosen to target them again. Meanwhile, a third noted that a different set of threat actors had perpetrated the attack, raising the possibility that the initial gang had sold access to the victim’s network on the dark web.
Finally, organizations can’t always depend on third parties to cover all the ransomware attack costs. Nearly half (42%) of survey respondents had cyber insurance policies in place but revealed that their insurer covered only a portion of their losses.
Organizations are adopting Extended Detection and Response (XDR) solutions powered by Artificial Intelligence (AI) and Machine Learning (ML) so that their security teams can better automate triage, investigation, and remediation at scale and detect ransomware attacks at their earliest stages.
AI/ML-driven XDR can enable security teams to cut through the noise introduced by a constant flood of threat alerts, allowing security professionals to spend less time sifting through alerts and chasing false positives and more time working to improve the organization's overall security posture.
An AI-driven XDR solution can analyze large telemetry data sets with a high degree of accuracy to identify the most subtle Indicators of Behavior (IOBs) at a scale that manual human analysis can never match. The advantage here is in automating the detection of events that usually require human analysis and relieving security teams of the inefficient task of sorting the signal from the noise on the network.
An AI-driven XDR solution allows analysts to quickly identify malicious chains of behavior and never-before-seen malware variants, and to detect complex ransomware attacks, or RansomOps, earlier, so they can swiftly remediate known and unknown threats regardless of where they occur in an organization’s environment.