So far, 2021 is stacking up to be the most costly and dangerous year on record for the volume of ransomware attacks, SonicWall said in a new report.
The security provider has logged nearly 500 million attempted ransomware attacks through September, 2021, with 1,748 attempts per customer in that nine-month period. The overall total of 495 million to date amounts to a 148 percent surge as compared to the same period last year. SonicWall expects to record 714 million attempted ransomware attacks by the close of 2021, a 134 percent skyrocket over last year’s totals.
SonicWall CEO Knows MSSPs, MSPs Are Targets
Without doubt, those astronomic ransomware figures again reveal a profound threat worldwide, one that managed security service providers (MSSPs) are grappling with discovering, containing and mitigating at a rapidly escalating rate.
SonicWall is particularly attuned to the threat ransomware poses to a whole host of organizations, including MSSPs and managed service providers (MSPs), SonicWall president and chief executive Bill Conner said. “As we see it, ransomware is on a nearly unimaginable upward trend, which poses a major risk to businesses, service providers, governments and everyday citizens,” he said. “The real-world damage caused by these attacks is beyond anecdotal at this point.”
SonicWall released its findings following a mid-October White House virtual conference of 30 nations to hammer out strategies to combat ransomware and other types of cyber crime. At the summit, Australia, Britain, Germany and India led panel discussions, with attendees also from Eastern Europe, the Middle East and Latin America. Russia and China, universally considered the primary perpetrators of most cyber offensives, were not invited to the meeting.
Of note, SonicWall also discovered 307,516 previously unknown malware variants through September, 2021 for a 73 percent spike from last year. The Milpitas, California-based security specialist said its researchers found more than 1,100 novel variants per day.
SonicWall Ransomware Research: Key Data Points
Here are some additional SonicWall ransomware findings:
- In June, 2021, a new high water mark of 78.4 million ransomware attacks were recorded.
- SonicWall logged the equivalent to 9.7 ransomware attempts per customer each business day.
- The 190.4 million ransomware attempts in Q3, 2021 alone made it the highest quarter ever recorded by SonicWall, nearly overtaking the 195.7 million total ransomware attempts logged during the first three quarters of 2020.
- The U.S. has incurred a 127 percent year-to-date increase in the number of ransomware attacks while the U.K. has seen a 233 percent surge.
- Internet of Things malware incidents rose 33 percent globally.
- An overall 21 percent increase in crypto-jacking with a 461 percent balloon across Europe.
“The techniques deployed by ransomware actors have evolved well beyond the smash-and-grab attacks from just a few years ago,” said Dmitriy Ayrapetov, SonicWall’s platform architecture vice president. “Today’s cyber criminals demonstrate deliberate reconnaissance, planning and execution to surgically deploy tool chains targeting enterprise and government infrastructure. This results in larger victims and leads to higher ransoms.”
Tips to Protect Against Ransomware Attacks
To mitigate the risk of ransomware attacks, the FBI and CISA say MSSPs and MSPs should take these seven steps:
- require multi-factor authentication (MFA);
- implement network segmentation;
- scan for vulnerabilities and keep software updated;
- remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
- implement endpoint and detection response tools;
- limit access to resources over the network, especially by restricting RDP; and
- secure user accounts.
How MSPs and MSSPs Can Respond to and Recover From Ransomware Attacks
If a ransomware incident occurs, then the CISA, FBI and NSA recommend the following four actions:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office.
- Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.