Ransomware attacks are all about payout.

As such, ransomware attacks target those with the largest possible impact — notably, critical infrastructure organizations and IT, technology, and telecom companies — as they’re more likely to fork over the ransom than suffer the broad-reaching consequences of a takedown or widespread loss of sensitive data.

In fact, 85% of critical infrastructure organizations experienced at least one ransomware attack in 2022, according to Barracuda Networks’ new global 2023 Ransomware Insights Report released today.

“Critical infrastructure is an appealing target for cybercriminals because of the impact a successful attack can cause — the bigger the impact, the more chances of big payout,” said Olesia Klevchuk, product marketing director at Barracuda.

Critical Infrastructure Most Likely Ransomware Target

The survey polled 1,350 IT professionals, ranging from frontline to senior roles, at companies across a range of industries. According to the findings, 73% of respondents reported being hit with at least one successful ransomware attack in 2022; 38% were hit twice or more.

The report also found the following:

  • 85% of energy, oil/gas, and utility organizations and 98% of consumer services companies experienced at least one ransomware attack.
  • Energy, oil/gas, and utility industries were the most likely (53%) to report two or more successful ransomware attacks.
  • 31% of IT, technology and telecom organizations suffered one attack and 25% experienced two attacks.
  • 42% of those hit three times or more paid the ransom to restore encrypted data, compared to 31% of victims of a single attack.

“Organizations are willing to pay a ransom because some feel that not paying it may equal losing significantly more or even going out of business altogether,” said Klevchuk.

How Ransomware Attacks Target Companies

In terms of entry method, email remains the most common initial access vector: 69% of surveyed organizations that were hit with ransomware said the attack began with an email.

In IT, tech and telecom, 69% of attacks originated via email, 56% by web traffic or web apps, and 39% by network traffic.

And in energy, oil/gas, and utilities, 78% of attacks began with email, 54% by web traffic or web apps, and 60% by network traffic.

The Bigger the Impact, the Bigger and More Likely the Ransomware Payout

These new findings, combined with previous Barracuda research showing that infrastructure-related cyberattacks have quadrupled, signal cybercriminals' increasing intent to inflict damage that reaches beyond the initial victim.

“There is a lot of pressure on these industries to be up and running as soon as possible, and paying cybercriminals is one of the routes they may take,” said Klevchuk. “This makes it very appealing to hackers as they can ask for large ransoms.”

The 2021 Colonial Pipeline attack is probably the best recent example of an attack on critical infrastructure, Klevchuk added. The company paid $4 million, and the entire U.S. East Coast was impacted.

“Compared to direct costs, recovery costs and overall impact on economic performance of the region, the $4 million ransom payment is a minor one,” she said.

The incident may not have been espionage, but it revealed an "unacceptable risk posed by our growing system of systems," Barracuda CTO Fleming Shi wrote in a blog post.

You Can’t Afford to Be Unprepared for Ransomware Attacks in 2023

With the dire impact of ransomware already felt by companies across industries, you’d think they’d be ready. However, according to the report, 27% of organizations feel underprepared to tackle ransomware.

They had better fix that in 2023, because ransomware gangs will "become smaller and smarter," Shi wrote.

In 2022, he pointed out, major ransomware gangs including LockBit, Conti, and Lapsus$ were behind "blockbuster attacks." But in 2023, with ransomware-as-a-service taking off and the recent leak of the LockBit 3.0 builder, a "new generation of smaller and smarter gangs will steal the limelight."

As a result, there will be increased frequency of ransomware attacks with new tactics, he said.

Organizations have now accepted that ransomware is not an "if" but a "when" scenario. Training users, having a well-tested incident response plan in place, and backing up and securing data may not completely prevent attacks, said Klevchuk, but such measures will significantly reduce the cost of an attack.

“Organizations in all industries first and foremost need to invest in protecting their data,” she said. “The reason ransomware is so prevalent and successful is because most organizations do not do a good job at protecting their data.”

Organizations must invest in backup and recovery methods, deploy web application security for all SaaS applications, and focus on preventing credential loss by deploying anti-phishing capabilities in email, she said. Multi-factor authentication (MFA) and zero trust are also critical.

Ultimately, “keep hackers out of your business accounts and prevent them from infiltrating business critical data,” said Klevchuk.