A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain

Ransomware is insidious. It’s a treacherous and crafty way to terrorize individuals, communities, and businesses. It’s also an industry with multiple players, each playing a part in a chain that results in a big payday. Ransomware-as-a-Service (RaaS) groups like DarkSide, REvil, and others use automation, personal information, and the low cost of computing to gather the intelligence necessary to deliver a ransomware attack. According to Kaspersky, ransomware is now distributed mainly through compromised RDP access, phishing, and software vulnerabilities. Needless to say, the best way to reduce the risk of becoming the victim of a ransomware attack is to stop phishing and human hacking at the start of the attack chain.

Phishing threats have been soaring off the charts in the last 12 months, and so has ransomware. It’s no surprise that both are on the rise. It’s a lucrative business. According to SlashNext Labs, phishing increased 350% in 2020, with a record 50K spear-phishing attacks in a single day in December 2020. Likewise, ransomware statistics show an increase in both growth and severity (Source: Cybercrime Magazine):

  • A ransomware attack will happen every 11 seconds in 2021
  • 91 percent of cyberattacks begin with spear-phishing 
  • The global cost associated with ransomware recovery will exceed $20 billion in 2021
  • By 2025, organizations will invest more than $1 trillion in their cybersecurity

In recent well-publicized attacks, the focus of these cybercriminals has been healthcare/pharma, transportation, and vital infrastructure. These industries have been hit particularly hard as they rely heavily on systems and data to conduct business and are critical to the health and productivity of the nation. Let’s take a look at a few such ransomware attacks.

The latest victim of the ransomware surge is JBS USA, resulting in 10 plants suspending operations. As the largest meat distributor in the US, disrupting this part of the supply chain could lead to food shortages. 

The Colonial Pipeline ransomware attack caught the entire industry off guard, causing panic across the United States. Colonial Pipeline provides 45% of the East Coast’s fuel, from jet fuel to heating oil. While the initial attack is not confirmed, it might have been an unpatched vulnerability, a phishing email that successfully fooled an employee into providing their credentials, or both—these tactics are commonly used to infiltrate an organization’s network.

Broward County, FL, was the victim of a ransomware attack that brought their systems to a standstill. As the 4th largest school district in the US, the ransom was 10% of their $4B annual budget, showing the cybercriminals did their homework. County officials refused to pay the $4M demand, and 25K files of financial records, including purchase orders, invoices, and travel expense claim forms, were leaked to the public. What’s next for Broward County? They are taking the attack seriously and have requested a $20M increase in their cybersecurity budget.

This new swarm of ransomware attacks is alarming because the target organizations represent important infrastructure that can impact business, global markets, and governments. Microsoft and SlashNext Threat Labs reported that cybercriminals are using automation, trusted domains, and legitimate hosting like Constant Contact, Google App Engine, or SharePoint to launch sophisticated attacks with increasing speed and success.

One of the reasons these organizations are often targeted is their lack of focus on attack prevention efforts. Cybersecurity budgets are underfunded primarily because the sophistication of cyberattacks increases faster than prevention capabilities. There are too many competing priorities, and the cost of countermeasures is perceived to be too high.

As phishing continues to grow as a vector for ransomware attacks, zero-hour, real-time threat prevention solutions are critical to stopping these threats. An anti-phishing solution should protect against all forms of human hacking, phishing, social engineering, account takeover, BEC, ransomware, SMishing, supply chain attacks, and data theft across all communication channels, including email, SMS, web, social, gaming, collaboration apps, and search. Being able to block employee web traffic to phishing sites (via malicious links and other vectors) and stop a ransomware attack at the start of the kill chain is paramount.

SlashNext is the industry’s broadest, most up-to-the-minute intelligence on phishing threats. It is powered by SEER™ (Session Emulation and Environment Reconnaissance) threat detection technology using virtual browsers in a purpose-built cloud to dynamically inspect sites with advanced computer vision, OCR, NLP, and active site behavioral analysis. Machine learning enables definitive verdicts—malicious or benign—with exceptional accuracy and near-zero false positives.

Want to learn more about the relationship between Phishing and Ransomware? Register for the next Phish Stories Live Webinar—Phishing and Ransomware: A Marriage Made in Hell on June 17th at 10 AM PT. 
