A system intrusion attack — of which ransomware is a subset — comprises techniques that leverage a combination of social engineering, malware deployment, and hacking.
System intrusion attacks increased dramatically in 2021. North America accounted for the highest number of such attacks in 2021, with more than 900. The previous year, this region accounted for close to 500 breaches. The Asia Pacific region, including India, reported 30 breaches in 2020 and 54 in 2021.
Verizon found that the culprit was an external actor in 98 percent of the cases, with financial gain being the motive in 93 percent of the cases. Industrial espionage, at 6 percent, was also a factor. Credentials were stolen in 42 percent of the cases, while personal data was stolen in 37 percent of the attacks.
Prominent ransomware attacks
Ransomware attackers are hard to track down because most of them demand ransom in modes of payment that are untraceable, such as cryptocurrency. The WannaCry attack, which lasted four days from May 12-15, 2017, affected more than 2 lakh computers across 150 countries, resulting in billions of dollars in business losses.
India was the third worst-affected nation, with cybersecurity firm Quick Heal Technologies stating that WannaCry targeted around 48,000 computers in the attack, with most incidents in West Bengal.
In August 2018, a variant of WannaCry infected 10,000 computers operated by semiconductor giant TSMC, forcing the company to temporarily shut several of its chip-fabrication factories.
North Korea was accused of initiating the WannaCry attacks, with the US Department of Justice formally charging a hacker named Park Jin-hyok in 2019.
How to block a ransomware attack
Unlike other forms of cyberattacks, ransomware is relatively straightforward. The perpetrator is typically only interested in monetisation — holding the organisation hostage — and may not necessarily be interested in stealing information. They only need to encrypt the data and make it inaccessible to the targeted individual or organisation.
The Verizon report suggests that vigilance should be enough to counter the threat in most cases — 40 percent of ransomware incidents involved desktop sharing software, and 35 percent involved email attachments/links.
"If attackers have credentialed remote access, they can leverage that directly. Otherwise they must make their own remote access by emailing either malicious links or attachments," the report states.
"Locking down your external-facing infrastructure, especially RDP (remote desktops) and emails, can go a long way toward protecting your organisation against ransomware," the report adds.
Malwarebytes issued an advisory on the best ways to mitigate ransomware attacks, such as:
Risk Recon, a third-party cyber risk management company set up by Mastercard, said the best protection is to create awareness, whether at an individual level or an organisational level.