How many people DON’T report ransomware attacks?
It’s too early to see the Q42021 results from CertNZ but their Q3 report tells there were 2,072 incidents that they responded to in Q3 and fraud/scam’s were up 25%.
Their report confirms that the very risks we have been warning our readers about are very real, and the defences that all organisations need are layered tools like KARE for Security that minimise risk.
No one can prevent a cyber-attack but we can reduce the risk.
We’ve just had a report from US cyber-vendor “BlackFog” come through that reports on ransomware in 2021, and the most stunning statistic was that cybercrime damage is expected to hit $US6Trillion this year, up from $23Trillion in 2015.
2021 Ransomware Attack Report | BlackFog
The link above shows a summary of the larger incidents that impacted more recognisable names in a month-by month timeline : Dassault Falcon Jet, Hackney Council, Northern Territory Government, Serco, Toyota, Kia, Nine Network, University of Maryland and so many more – more universities, more government agencies, police departments, healthcare including here in NZ. But the alarming information was that more of the attacks were moving into the SME space.
Not only that, but the nature of attacks against non-PCs stepped up, highlighted by “FluBot’ in September – FluBot malware infecting Android phones | CERT NZ
At a glance:
- 17% increase in reported ransomware attacks on the previous year
- 80% of these involved data theft, and in many cases stolen data was exposed on the dark web
- Revil were the dominant player, with 17.5% of attacks. Hopefully being arrested will slow them down this year!
BlackFog’s predictions are:
1. Ransomware gangs will rival enterprises in complexity: In 2022, there will be greater coordination between ransomware gangs, double extortion evolving to triple extortion and short selling schemes skyrocketing.
2. Companies that pay ransoms will pay in other ways: Consumer trust of organizations that pay the ransom will continue to erode and lawsuits will abound as organizations are thrown under the bus for not doing enough to prevent data exfiltration.
3. Our food supply will be compromised: As cyber adversaries continue to focus on making the biggest impact by affecting the most people, the food and agriculture industries will remain an attractive target, with a successful attack crippling our food supply likely in the coming year.
4. Cyber insurance providers and security vendors will join forces: With mandatory reporting now in place and a move toward it becoming illegal to pay out ransoms, cyber insurance providers will need to rethink their business models and likely partner with security vendors to build a more lucrative sales model.
5. Africa and SE Asia will become cyber contenders: As cyber criminals look to find cheaper labour and technical expertise, 2022 will see new threat actors from Southeast Asia and Africa.