Cybersecurity company Kaspersky has released global data on what were the top threats that made companies activate their Global Emergency Response Team (GERT) in 2021 to mitigate and prevent the spread of attacks. Among the incidents, ransomware stood out, accounting for almost half of the notifications.
From January to November 2021, 46.7% of cases handled by Kaspersky were associated with ransomware, which represents an increase of almost 12% compared to 2020, making the data hijacking threat the top occurrence of the year.
The main affected were government areas and the industrial sector. Together, both attacks accounted for nearly 50% of all ransomware IR requests in 2021. Other popular targets included financial institutions and technology companies.
Want to stay on top of the best tech news of the day? Access and subscribe to our new youtube channel, Kenyannews News. Every day a summary of the main news from the tech world for you!
This scenario was made possible by the fact that ransomware operators have improved their arsenals, focusing on fewer attacks and targeting them at large-scale organizations, being applied in conjunction with underground ecosystems developed to support these initiatives.
Ransomware trends for 2022
As ransomware operators began to target high-visibility targets and demanded higher ransoms, they came under more political and legal pressure, which increased the efficiency of the attacks. As a result, Kaspersky experts point to two important trends that will gain popularity in 2022.
The first is that ransomware gangs must build Linux versions of their ransomware to widen the attack surface. This already occurs with the RansomExx and DarkSide groups.
The second trend is that the operators of these attacks will begin to focus more on “financial blackmail”. In this case, threats of critical information leakage occur at a time when companies are going through a major financial event, such as a merger, acquisition or IPO, that could devalue their shares. In this context, victims are more vulnerable and more likely to pay the ransom.
How to protect yourself from ransomware
Given the high incidence of these threats, Kaspersky experts recommend the following steps to protect companies from ransomware attacks. Check it out below:
- Do not expose remote connection tools (such as RDP) on public networks unless absolutely necessary. For this, always use strong passwords and VPN on them;
- Immediately apply updates and fixes to VPNs to prevent unauthorized access;
- Patches must be run on all programs and operating systems to prevent ransomware from exploiting vulnerabilities;
- Focus the defense strategy on detecting lateral movements and exfiltration of data to the internet. Pay special attention to outbound traffic to detect connections from cybercriminals;
- Backup your data regularly. Ensure quick access to them when needed in an emergency.