New Target of Ransomware Attacks: Medium-sized Enterprises

New Target of Ransomware Attacks: Medium-sized Enterprises

Oct 31, 2021 / Kron

Ransomware attacks, one of the oldest and perhaps practical types in the history of malware attacks, can be defined as cyber threats that aim to illegally access data in an IT infrastructure. It is, however, very challenging to recover the financial losses caused by ransomware attacks that keep the accessed data encrypted and demand a ransom.

As a matter of fact, it is possible to state that the ransom rates have increased significantly in the recent period while digital transformation has undergone an inevitable development. It is also useful to emphasize that the rise in ransom payments has created a target change for cyber attackers in certain aspects. The main question to be asked here is what are the consequences of changing cyber attack methods and targets?

It can be clearly stated that the changes in the methods and objectives of the attempts to circumvent cyber security elements have created unsettling results for medium-sized enterprises. In other words, these enterprises have become open targets by means of data security. In this article, we will strive to create a roadmap for the precautions to be taken by supporting the connection between the reasons behind the change in targets and the resulting outcomes with statistical data.

Requested Ransom Rates Continue to Rise

The main problem with ransomware attacks that threaten access security components is that they have a really high-profit rate and a rather low-risk rate. For example, the profitability of ransomware attacks today is very similar to the profitability of the Colombian drug industry in 1992. Both operations have a profit rate of 90% or more per unit. On the other hand, the risk of ransomware attacks is much lower than in the drug trade. In 1992, a drug trafficker was 625 times more likely to be caught than a ransomware hacker in 2021.

Going through the ransomware attack statistics can be helpful to better understand the rising ransom rates. For example, today, when a company, business, or government agency experiences a ransomware attack, they are very likely to accept the cyber attacker's requests in exchange for a decryption key or a promise of data replay. This acceptance costs the aforementioned institutions approximately $140,000 per attack.

In addition to all these, the third quarter of 2021 paints a more pessimistic picture in terms of the damage caused by ransomware attacks compared to the second quarter of the year - the average cost of a ransomware attack increased by 2.3% in the third quarter compared to the second quarter of 2021, reaching $139,739.

Finally, ransomware attack types and privileged account access security breach methods are intertwined. As a matter of fact, we can state that there was a 3% increase in the third quarter of 2021 compared to the previous quarter, and that 83.3% of ransomware attacks currently involve the theft of corporate data.

Cyber Attackers are Changing Their Targets

The most important data explaining the target change of cyber attackers is that the average of these attacks increased by 52.5% compared to the previous quarter and reached $71,674. It is quite possible to associate the striking increase in the average with the target change toward medium-sized enterprises, the headline of our article.

Cyber attackers who use ransomware attacks to create data leaks select medium-sized enterprises and organizations as victims, rather than attempt to trigger an international sanction or political crisis. It is worth emphasizing that the process called the transition from big game hunting to midgame hunting in the cyber world creates changes regarding ransomware attack data and personalizes the target demographic.

A few more determinations can be made based on the third quarter research on the subject of target change. Analyzing the data, the result reveals that small/medium-sized enterprises, law firms, and financial services organizations are at high risk for ransomware attacks.

In addition to the data confirming the target change of cyber attackers, it may be beneficial to address the issue of ransomware attack surfaces. A hacker who chooses to use a ransomware attack most recently uses medium-sized enterprises as conductors for their attacks. This does not indicate targeting one or a few companies in a specific way, but the search for a connected sector that offers maximum gain for the recovery of critical data on a larger scale.

However, it should be noted that the cyber attackers' attempt to access critical data consisting of privileged account credentials and passwords poses a serious risk, regardless of the target change. It is important to underline that, being part of a ransomware attack may disrupt business continuity. Only with a comprehensive Privileged Access Management (PAM) solution is it possible to prevent the growth of the extortion economy on an institutional basis, as the risk taken by the attackers is not higher than the rewards.

Recent Statistics of Ransomware Attacks

While sharing notable statistics about ransomware attacks, one of the issues to be addressed is the market share of attack types. Five new variants were identified between 10 ransomware types with the highest market share in the data for the third quarter of 2021:

  • Lockbit 2.0 (8.4% market share)
  • Ranzy Locker (3% market share)
  • Suncrypt (2.5% market share)
  • Hive (2.5% market share)
  • BlackMatter (2% market share)

At the top of the list is the Conti V2, which increased its market share by 1% to 19.2%, and the only decrease was the market share of the Ryuk variant by 2% compared to the second quarter of the year. The variant that increased its market share the most was Zeppelin, which reached a market share of 4.4% in the third quarter, with a 3% increase.

One of the results of the research on ransomware attacks involves the MITRE ATT&CK Tactics knowledge base. The ATT&CK Tactics knowledge base, developed by MITRE, an IT company, is used to develop threat modelling and defense methodology for attacks by cyber attackers on networks and systems.

Third-quarter data from the ATT&CK Tactics knowledge base shows that hackers used credential access tactics in over 75% of the cases. Again, in more than 75% of the cases, the horizontal movement tactic was observed, whereas in more than 50% of the cases, a tactic called defense evasion, which means that cyber attackers try not to face the threats created for them by defense mechanisms during the ransomware attack, was displayed in the statistics.

In addition to these, it is worth noting that the most used ransomware attack types in the third quarter of 2021 are e-mail phishing, RDP negotiation, and software vulnerabilities.

Cyber security policies need to be reviewed to prevent ransomware attacks that disrupt business continuity. It is very important to protect the credentials of privileged accounts while reviewing cyber security policies. Privileged Access Management is one of the most approved methods to protect privileged accounts, authorized users, and the passwords of these accounts within the correct IT infrastructure. 

If you are looking forward to ensure data and access security by protecting your critical data end-to-end, you can rely on our PAM solution, Single Connect, which is included in the 2021 Gartner Magic Quadrant for Privileged Access Management report.

For further information, please feel free to contact us and learn about Privileged Access Management from our expert team.



“Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021.” Coveware

Other Blogs