From the ransomware front, Cybersecurity Dive reports
The prevalence and scope of ransomware exploded in 2021, as two-thirds of mid-sized organizations worldwide were targets and average ransom payouts saw a five-fold increase, according to the State of Ransomware 2022 report from Sophos released Wednesday.
Ransomware hit 66% of mid-sized organizations last year, up from 37% in 2020. Average ransom payments reached $812,000 during 2021, compared with $170,000 the prior year.
Among organizations with encrypted data, 46% paid a ransom to adversaries. In addition, 26% of organizations who were able to restore data from backups, still decided to pay a ransom.
To make matters even worse, Security Week informs us
As part of a recent cyberattack, threat actors deployed ransomware less than four hours after compromising the victim’s environment, according to researchers with The DFIR Report.
The attack started with an IcedID payload being deployed on a user endpoint and led to the execution of Quantum ransomware only three hours and 44 minutes later. DFIR Report researchers described it as one of the fastest ransomware attacks they have observed to date.
In a Ryuk ransomware attack in October 2020, the threat actors started encrypting the victim’s data only 29 hours after the initial breach, but the median global dwell time for ransomware is roughly 5 days, according to Mandiant’s M-Trends 2022 report.
Once the ransomware has been executed, however, the victim’s data may be encrypted within minutes. A recent report from Splunk shows that ransomware needs an average of 43 minutes to encrypt data, while the fastest encryption time is less than 6 minutes.
ZDNet describes how a single failure to patch a vulnerability opened the door to ransomware hackers. The article emphasizes the importantance of basic cybersecurity hygiene advice:
“The biggest lesson here is patch the network infrastructure – whatever is facing the internet, it’s always important for it to be fully patched,” said Daniel dos Santos, head of security research at Forescout.
It’s also recommended that organisations monitor their networks for external access from known IP addresses or unusual patterns of behavior. In addition, businesses should backup their servers regularly. Then, if something happens, the network can be restored to a recent point without needing to pay a ransom.
Perhaps then it is not surprising that a Security Week expert advises “it is important to increase an organization’s ransomware preparedness and assure that the tools needed for remediation, eradication, and recovery are not just in place but also functioning as expected. This is especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct their assigned business tasks in today’s work-from-anywhere environment.”
As always and it may be every other week now, here is a link to Bleeping Computer’s The Week in Ransomware.
From the vulnerabilities front, HHS Cybersecurity Program released
- a report on 2021’s top exploited vulnerabilities
- a warning about BlackCat/ALPHV Ransomware Indicators of Compromise, and
- an international joint cybersecurity advisory on Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure.
CISA added “seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.”
Health IT Security notes
Mandiant Threat Intelligence observed a record number of zero-day exploits in 2021, its latest report revealed. The firm identified 80 exploited zero-days in 2021, compared to just 30 in 2020. Threat actors favored zero-days in Google, Microsoft, and Apple products most frequently, largely exhibiting the popularity of those vendors.
The term “zero-day” indicates that there is no time between when a vulnerability is discovered by developers and when it is exploited by bad actors.
From the cyberdefenses front —
- Healthcare Dive discusses what cyber insurance companies expect from their policyholders.
- Federal News Network provides insights into achieving zero trust requirements.
- ISACA explains what you need to know about malicious cybertrends.