Ransomware almost doubles, public administration bodies in the crosshairs

In the first half of 2021, ransomware attacks were up 93% year-over-year, according to Check Point's monitoring.

Published on 18 November 2021 by Redazione

It is almost impossible to stop talking about ransomware attacks: news of fresh strikes by cybercriminals keeps arriving, and new numbers and statistics describe a growing and increasingly worrying phenomenon. Above all, the rise in ransomware shows no sign of fading: in the new Check Point report ("2021 Mid-Year Cyber Attack Trends Report"), based on data collected by the vendor's global network, we read that in the first half of 2021 cyberattacks grew by 29% compared to the first half of 2020, but looking at ransomware alone, the increase is 93%.

The public administration (PA) sector remains one of the preferred targets, considering that hitting a government agency can allow the attackers to collect substantial sums or at least to obtain wide media coverage (as happened in the attack on the systems of the Lazio Region). Furthermore, the data held by a public body are many and varied, and often sensitive (for example, data on people's health). The third reason concerns the ease with which the attackers hit the target.

"Unlike the commercial world," Check Point commented, "public sector organizations are not profit-oriented and cannot easily justify increasing IT spending as a simple preventative measure." One in four PA organizations has only one staff member responsible for IT security, while the outsourcing of security services is extremely widespread in this sector. Over 95% of public sector organizations outsource firewall configurations to third parties, and over 80% rely solely on third parties for incident response and recovery. Furthermore, almost half (48%) also outsource control of internal users' administration rights, and this represents a risk factor.

Why ransomware grows

What fuels this kind of cybercriminal activity, Check Point explains, is its profitability and the many possibilities for extortion it offers. In particular, now that the "double extortion" technique has become established (in which a ransom is requested first to decrypt the data taken hostage and then to prevent the public disclosure of the data), so-called "triple extortion" is emerging. The third step is to knock on the door of customers and/or business partners of the affected company, asking them for further ransom payments.

Check Point data for the second half of 2021 will be released shortly, but in the meantime the company is already predicting that the ransomware phenomenon will grow further, despite the strengthening of the laws aimed at combating it. Hackers will make full use of penetration tools and try to customize attacks on the spot. Therefore, Check Point warns, companies need to think not only about protection from the primary damage of ransomware (such as encryption and the ransom demand) but also about strategies that can limit "collateral damage".

The cybersecurity trends of 2021

Other trends that characterized the first half of 2021 are the growth of supply chain attacks in the wake of the well-known SolarWinds case, and sophisticated operations such as those directed against Kaseya and Codecov. The race to become the worthy successor to Emotet also continued, following the dismantling of the infamous botnet in January of this year. Other malware botnets have made their way onto the scene, such as Trickbot, Dridex, Qbot and IcedID. Among other things, as observed by other IT security vendors, in recent weeks Trickbot has been working to spread a new version of Emotet on infected machines.