New Target of Ransomware Attacks: Medium-sized Enterprises

New Target of Ransomware Attacks: Medium-sized Enterprises

Oct 31, 2021 / Kron

Ransomware attacks, one of the oldest and perhaps practical types in the history of malware attacks, can be defined as cyber threats that aim to illegally access data in an IT infrastructure. It is, however, very challenging to recover the financial losses caused by ransomware attacks, which are keeping the accessed data encrypted and demanding ransom in this way.

As a matter of fact, it is possible to state that the ransom rates have increased significantly in the recent period while the digital transformation has made an inevitable development. It is also useful to emphasise that the rise in ransom payments has created a target change for cyber attackers in certain aspects. The main question to be asked here is what are the consequences of changing cyber-attack methods and targets.

It can be clearly stated that the changes in the methods and objectives of the attempts to violate the cyber security elements have created unsettling results for medium-sized enterprises, in other words, these enterprises have become more open threats by means of data security. In this article, we will strive to create a roadmap for the precautions to be taken by supporting the connection between the reasons behind the change in the target and the resulting outcomes with statistical data.

Requested Ransom Rates Continue to Rise

The main problem with ransomware attacks that threaten access security components is that they have a really high-profit rate and a rather low-risk rate. For example, the profitability of ransomware attacks today is very similar to the profitability of the Colombian drug industry in 1992. Both operations have a profit rate of 90% or more per unit. On the other hand, the risk of ransomware attacks is much lower than in the drug trade. In 1992, a drug trafficker was 625 times more likely to be caught than a ransomware hacker in 2021.

Going through the ransomware attack statistics can be helpful to better understand the rising ransom rates. For example, today, when a company, business, or government agency encounters a ransomware attack, they are very likely to accept the cyber attacker's requests in exchange for a decryption key or a promise of data replay. This acceptance costs the aforementioned institutions approximately $140,000 per attack.

In addition to all these, it can be stated that the third quarter of 2021 paints a more pessimistic picture in terms of the damage caused by ransomware attacks compared to the second quarter of the year. In order to support our argument with current data, we can note that the average cost of a ransomware attack increased by 2.3% in the third quarter compared to the second quarter of 2021, reaching $139,739.

Finally, it can be stated that ransomware attack types and privileged account access security breach methods are intertwined. As a matter of fact, we can state that there was a 3% increase in the third quarter of 2021 compared to the previous quarter and that 83.3% of ransomware attacks currently involve the theft of corporate data.

Cyber Attackers are Changing Their Targets

The most important data explaining the target change of cyber attackers is that the average of these attacks increased by 52.5% compared to the previous quarter and reached 71,674 dollars. It is quite possible to associate the striking increase in the average with the target change toward medium-sized enterprises, which is the headline of our article.

It can be stated that cyber attackers who use ransomware attacks to create data leaks choose their medium-sized enterprises and organizations as victims rather than attempts to trigger an international sanction or political crisis. It is worth emphasizing that the process called the transition from big game hunting to midgame hunting in the cyber world creates changes regarding ransomware attack data and personalizes the target demographic.

A few more determinations can be made based on the third quarter researches on the subject of target change. Analyzing the data, the result reveals that small/medium-sized enterprises, law firms, and financial services organizations are organizations the are at high risk from ransomware attacks.

In addition to the data confirming the target change of cyber attackers, it may be beneficial to address the issue of ransomware attack surfaces. A hacker who chooses to use a ransomware attack recently uses medium-sized enterprises as conductors for their attacks. It can be stated that this does not indicate targeting one or a few companies in a specific way, but the search for a connected sector that offers maximum gain for the recovery of critical data on a larger scale.

However, it should be noted that the cyber attackers' attempt to access critical data consisting of privileged account credentials and passwords poses a serious risks, regardless of the target change. It is important to underline that, being a part of a ransomware attack may disrupt business continuity and it is only possible with a comprehensive Privileged Access Management (PAM) solution to prevent the growth of the extortion economy in the area in question on an institutional basis, as the risk that is taken by the attackers is not higher than the rewards.

Recent Statistics of Ransomware Attacks

While sharing the notable statistics about ransomware attacks, one of the issues to be addressed is the market share of attack types. Five new variants were identified between 10 ransomware types with the highest market share in the data for the third quarter of 2021. The names of the five new variants are as follows:

  • Lockbit 2.0 (8.4% market share)
  • Ranzy Locker (3% market share)
  • Suncrypt (2.5% market share)
  • Hive (2.5% market share)
  • BlackMatter (2% market share)

At the top of the list is the Conti V2, which increased its market share by 1% to 19.2%, and the only decrease was of the market share of the Ryuk variant by 2% compared to the second quarter of the year. The variant that increased its market share the most was Zeppelin, which reached a market share of 4.4% in the third quarter with a 3% increase.

One of the results of research on ransomware attacks is about the MITRE ATT&CK Tactics knowledge base. The ATT&CK Tactics knowledge base, developed by MITRE, an IT company, is used to develop threat modelling and defence methodology for attacks by cyber attackers on networks and systems.

Third-quarter data from the ATT&CK Tactics knowledge base shows that hackers used credential access tactics in over 75% of cases. Again, in more than 75% of the cases, the horizontal movement tactic was observed, whereas in more than 50% of the cases, the tactic called defence evasion, which means that cyber attackers try not to face the threats created for them by the defence mechanism during the ransomware attack, were displayed in the statistics.

In addition to these, it is worth noting that the most used ransomware attack types in the third quarter of 2021 are e-mail phishing, RDP negotiation, and software vulnerabilities.

Cyber security policies need to be reviewed to prevent ransomware attacks that disrupt business continuity. It is very important to protect the credentials of privileged accounts while reviewing cyber security policies. Privileged Access Management is one of the most approved methods to protect privileged accounts, authorized users and passwords of  these accounts within the correct IT infrastructure.

If you are looking forward to ensure data and access security by protecting your critical data end-to-end, you can check on our PAM solution Single Connect which is included in the 2021 Gartner Magic Quadrant for Privileged Access Management report.

For further information, please feel free to contact us and get the answers of your questions about Privileged Access Management from our expert team.



“Ransomware attackers down shift to 'Mid-Game' hunting in Q3 2021.” Coveware,

Other Blogs