India is 2nd Most Cyberattacked Country in Last 3 Months

India is 2nd Most Cyberattacked Country in Last 3 Months

Check Point researchers issue warning to organizations worldwide against surging ransomware threats, after conducting a study that revealed a 50% jump in the daily average of ransomware attacks in the last 3 months alone, compared to the first half of 2020.

  • US ransomware attacks doubled (~98% increase) in the last 3 months, making it the #1 most targeted country for ransomware, followed by India, Sri Lanka, Russia and Turkey
  • Ryuk ransomware now attacks 20 organizations a week
  • Percentage of global healthcare organizations impacted by ransomware double. Healthcare sector is now #1 most attacked industry in the US 

Security researchers at Check Point conducted a global study that showed significant increase in ransomware threat frequency within the past 3 months. By leveraging their threat intelligence engine, Threat Cloud, Check Point researchers calculated a number of insights and observations around the latest global ransomware trends. Threat Cloud is derived from hundreds of millions of sensors worldwide that are supplemented with AI-based engines and exclusive research data from Check Point Research. 

Key Insights 

  • Daily average of ransomware attacks jumped 50% in last 3 months, compared to 1st half of 2020
  • Ryuk ransomware now attacks 20 organizations a week
  • Percentage of healthcare organizations impacted by ransomware globally nearly double, making it the #1 most attacked sector in the US
  • Top 5 countries ranked by the most ransomware attacks in the last 3 months:
    1. US (~ 98.1% increase)
    2. India (39.2% increase)
    3. Sri Lanka (436% increase)
    4. Russia (57.9% increase)
    5. Turkey (32.5% increase)
  • Top 5 global industries most impacted by ransomware threats in the last 3 months

Why Now? Check Point’s Head of Threat Intelligence, Lotem Finkelsteen, explains:  

“Ransomware is breaking records in 2020. Ransomware trends began with the advent of the coronavirus pandemic, as organizations scrambled to enact remote workforces, leaving significant gaps in their IT systems. However, the last three months alone have shown alarming surges of ransomware attacks. The natural follow-up question is why now? I think some of the primary drivers are: 

  1. More sophisticated attacks, such as Double Extortion. In this attack type, hackers first extract large quantities of sensitive information, prior to encrypting a victim’s databases. Afterwards, attackers will threaten to publish that information unless ransom demands are paid, placing substantial pressure on organizations to meet hackers.
  2. Willingness to pay. Hackers deliberately choose a ransom price that targets are more willing to pay. This way, victims of ransomware opt to simply pay the price, instead of dealing with the headache and time required to recover their IT systems. Furthermore, targets are more willing to pay in order to avoid additional stress given the challenging economic times we’re living in due to coronavirus. Though, this can change once coronavirus is behind us. Unfortunately, paying the ransom creates a vicious cycle: the more these type of attacks "succeed", the more frequently they occur.
  3. Emotet’s return opens new entry-points. After a five-month absence, Emotet has surged back to 1st place in the Most Wanted Malware Index, impacting 5% of organizations globally. Emotet is an advanced, self-propagating and modular Trojan. It was originally a banking Trojan, but has recently been used as a distributor of other malware or malicious campaigns. Emotet operations sell their infected victim's details to ransomware distributers, and because they are already infected, these victims are vulnerable to more attacks. This makes ransomware attacks even more "effective" to the attacker since more infected targets means more entry points for ransomware attacks. 

Unfortunately, I suspect ransomware threats to get far more worse as we turn the new year. I strongly urge organizations everywhere to be extra vigilant.” 

How Organizations can Protect themselves

  • Train your people.Training and educating users on how to identify and avoid potential ransomware attacks is crucial. As many of the current cyber-attacks start with a targeted email that does not even contain malware, but only a socially-engineered message that encourages the user to click on a malicious link, user education is often considered as one of the most important defenses an organization can deploy.
  • Continuously backup your data: Maintaining regular backups of data as a routine process is a very important practice to prevent losing data, and to be able to recover it in the event of corruption or disk hardware malfunction. Functional backups can also help organizations to recover from ransomware attacks.
  • Patch your systems: Patching is a critical component in defending against ransomware attacks, as cyber-criminals will often look for the latest uncovered exploits in the patches made available and then target systems that are not yet patched. As such it is critical that organizations ensure that all systems have the latest patches applied to them as this reduces the number of potential vulnerabilities within the business for an attacker to exploit.

Related Stories

No stories found.
logo
DIGITAL TERMINAL
digitalterminal.in