Ransomware is usually defined as a type of malicious software that denies organizations and individuals access to their data or computer system/device unless a payoff is made. However, ransomware is not just malware. It’s often part of an actual intrusion. Per Microsoft’s Digital Defense Report, “Ransomware’s economic model capitalizes on the misperception that a ransomware attack is solely a malware incident, whereas in reality ransomware is a breach involving human adversaries attacking a network.”
According to a release from the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC): “In recent years, ransomware attacks have become more focused, sophisticated, costly, and numerous. According to the Federal Bureau of Investigation’s 2018 and 2019 Internet Crime Reports, there was a 37 percent annual increase in reported ransomware cases and a 147 percent annual increase in associated losses from 2018 to 2019.” Ransomware attacks were prevalent in 2020 as well.
Attackers do not discriminate, although it appears focus has shifted over the years from targeting individuals to organizations who can make bigger payoffs and opt to do so to avoid downtime and the expense of rebuilding. It seems bad actors have begun to favor opportunities that enable them to maximize profits.
Quantifying the real cost of ransomware attacks can be difficult. Contributors can include the ransom itself, cyber insurance, downtime and lost revenue, remediation and recovery, and regulatory fines as well as qualitative factors such as reputational damage or customers’ mistrust of the organization. The true costs of a ransomware attack can include amounts to be determined far beyond the immediate aftermath.
2020 will go down in infamy for many reasons, but as millions of people have struggled with a pandemic throughout the past year, organizations have had their own crises to deal with. With more activity in the cloud than ever before, data breaches have affected everyone from small businesses to behemoths. In this four part series, we look back on notable breaches from 2020 and discuss how SecureCloudDB could have been employed as part of a layered defense strategy to alleviate, if not prevent, incidents like them.
Part three below covers the Garmin breach that occurred in July of 2020.