Increase in ransomware attacks calls for government intervention. The headlines of the past few months reflect a clear picture: ransomware attacks are now part of everyday life and are steadily increasing. This is also confirmed by the analyzes by IT security specialist FireEye.
As a strong industrial nation, Germany is an attractive target for groups of hackers, but the danger exists across all sectors. At the same time, the attacks of the hackers are becoming more and more targeted and thus develop a particularly high potential for damage. In order to put a stop to this development, politics must finally take action.
The development since the beginning of the COVID-19 pandemic
The number of ransomware attacks rose steeply per quarter (Image: Mandiant).
Ransomware attacks have increased across Europe during the COVID-19 pandemic. Between February 2020 and mid-May 2021, more than 600 European organizations were affected by notifications of data theft as part of ransomware attacks. This is the result of analyzes by the IT security specialist FireEye. Compared to the first quarter of 2020, the number of victims named by ransomware operators increased by 2021 percent in the first quarter of 422.
Germany and its industry, a popular destination
Every industry and every country is affected by ransomware attacks. At just under 20 percent, however, the manufacturing industry is the most common target for hackers. Closely followed by legal and professional service providers and retailers.
The most popular destinations within Europe are Great Britain, France and Germany. This can be attributed to the fact that hacker groups also follow global economic trends. All three are developed and have strong economies, which explains why the three countries are more targeted than other European countries.
The attackers are becoming more and more unscrupulous
In the second half of 2019, ransomware attacks moved from being mass-focussed to being much more targeted and sophisticated. Nowadays organizations are completely incapacitated until they pay the required ransom or successfully restore their IT infrastructure via a backup.
One example is DARKSIDE ransomware, which was discovered by FireEye last August and used to carry out attacks in over 15 countries and various industries. A special feature of DARKSIDE is that the ransomware can either infect an entire network or individual people. To do this, it gains access to data in a multi-stage process and copies it while it is encrypted locally. The victims are then blackmailed with the publication of the stolen data.
Regardless of the extent of their actions
Ransomware groups and operators are increasingly acting without regard to the extent of their actions on the affected company or society as a whole. Past incidents show that activities in cyberspace can also have a significant impact on our everyday lives. A striking example is the hack on the Colonial Pipeline, which was affected by the DARKSIDE ransomware and on which around 50 million citizens, major airports and ports on the east coast of the USA depend.
Stop the hackers
The industries affected by ransomware attacks in percent (Image: Mandiant).
Every individual and every company can do something in the fight against cybercrime by protecting themselves and their organization. IT security has never played a bigger role than it does today. FireEye therefore specifically develops intelligence-based security solutions such as Mandiant Security Validation. These continuously validate a company's cybersecurity measures to assess their effectiveness. In this way, weak points in the respective systems or tools are revealed so that they can be closed in a targeted manner.
But there is also a need for action at a higher level. As long as cybercriminal threats are not addressed at the political level, the trend will continue. Cybercrime is a global problem, but there are countries that offer criminals some kind of safe haven or tolerate criminal activities as long as they do not affect them themselves. Politicians must set an example against this.
Organizations recognize the global threat
First steps are being taken. Many institutions and organizations recognize the threat of cyber attacks on a global scale. In the past few weeks, the EU Commission has proposed a joint cyber unit, which should start work on June 30, 2022. The aim is to ensure more cybersecurity in the EU. This is an important step as ransomware groups are rapidly evolving and posing a global challenge.
More at FireEye.de
About Trellix Trellix is a global company redefining the future of cybersecurity. The company's open and native Extended Detection and Response (XDR) platform helps organizations facing today's most advanced threats gain confidence that their operations are protected and resilient. Trellix security experts, along with an extensive partner ecosystem, accelerate technology innovation through machine learning and automation to support over 40.000 business and government customers.