The US is among countries with the largest population embracing technology and has most of its operations relying on sturdy IT infrastructure. This provides adequate room for growth while enabling businesses and organizations to become more efficient. Other crucial benefits of a reliable IT infrastructure include better learning techniques, time-saving, promoting resource utilization, and enhancing communication means.
However, an IT infrastructure faces numerous threats despite being the key driver in facilitating operations and promoting advancements in tech. Ransomware is among the top cyber threats threatening hundreds of industries in the US. Besides, ransomware attacks have had a steep upward trend with a year-over-year increase of 139%. So, what makes the US experience an increasing number of ransomware attacks?
In this post, we’ll highlight crucial factors promoting the increase in ransomware attacks in the US. But first, let’s discuss what ransomware is all about.
In a nutshell, ransomware is a class of malware or malicious software that encrypts a victim’s file or prevents users from accessing their systems. Once the attack has been executed, attackers will demand a ransom to restore encrypted files or allow the user to access the system upon payment. To ensure they remain anonymous, cybercriminals usually provide instructions on making payments before sending a decryption key.
Ransomware can access computers in different ways. The most common form is phishing, where a victim is sent an email that contains malicious software. Once opened, it launches an attack that either ‘freezes’ the victim’s computer or encrypts targeted files. Other ransomware attacks include NotPetya, Jigsaw, Cerber, WannaCry, CryptoLocker, and GoldenEye. Although most attacks target large organizations, some hackers may target individuals capable of paying a ransom.
Ransomware has become increasingly serious, with attackers becoming bolder in launching hundreds of attacks within a short timeframe. For instance, an incident at Miami-based IT firm Kaseya led to over 200 businesses being hit by a ransomware attack in a single day. Here are some factors causing an increase in ransomware attacks in the US.
Cyber Failures by Victims
Most businesses, organizations, and individuals make it too easy for cybercriminals to access their systems and execute an attack. Leaving systems vulnerable to attacks increases the chances of ransomware. For instance, clicking on suspicious links sent by suspicious email or failing to keep software and systems updated exposes victims to attacks. Most companies fail to execute effective cybersecurity practices, allowing attackers to access systems easily.
A good example is a recent attack on the largest fuel pipeline company, Colonial Pipeline, where hackers accessed the system using an out-of-use VPN profile. The company had to pay a ransom amounting to $4.4 million to recover its data. In 2017, Brownsburg Public Library in Indiana faced a similar scenario where hackers accessed their system through a card catalog open to the general public. The library paid a total of $1,300 through Bitcoin to regain access to the systems.
Ransomware Has Become More Lucrative
Colonial Pipeline, JBS Foods, Brenntag, Acer, and other leading organizations are the latest victims to pay ransoms running to hundreds of millions of dollars to hackers. JBS Foods paid a total of $11 million, while Colonial Pipeline restored its data after paying $4.4 million. All these payments were paid through cryptocurrency, which makes it challenging to track and recover these funds.
In addition, hackers access sensitive information and threaten to publish the information if victims fail to pay. These scenarios have made ransomware attacks more lucrative, encouraging hackers to target more people and organizations and demand huge ransoms. For this reason, it is difficult to stop ransomware, leading to an increase in attacks in the US.
In definition, ransomware-as-a-service is a subscription-based model, allowing cybercriminals to share existing ransomware tools and software to execute attacks. After a victim pays a ransom, affiliates will distribute the ransom based on an agreeable percentage. This means criminal groups can sell or lease their ransomware software to other groups to launch an attack. It is the same way DarkSide, a group linked to the Colonial Pipeline hack, works.
The Russian Factor
According to US officials and cybersecurity researchers, most US ransomware attacks originate from Russia and countries in Eastern Europe. Besides, most of these attacks are encouraged by weak regulations of state-backed data operations governing overseas hacks. Another issue of concern is that these countries may recruit hackers to carry out hacks for specific objectives. To address this issue, US President Joe Biden met with Russian President Vladimir Putin and came up with measures to stop overseas attacks targeting leading US organizations.
At OneSource Technology, we understand the value of keeping your systems and data safe against ransomware attacks. We can help you understand and integrate the best security protocols and adopt practices to stay safe, allowing you to help lower ransomware attacks in the US. For more information about protecting your systems against ransomware, contact us to learn more today!