Barracuda: Ransom Payments Rise Amid Jump in Attacks

Ransomware attacks and ransom payments are on the rise, and ransoms now are more likely to exceed $1 million.

That’s according to new research by Barracuda. In the past year, Barracuda researchers identified and analyzed 71 ransomware incidents.

Cybercriminals are targeting government, health care and education organizations with ransomware. An uptick in attacks was expected due to the upcoming presidential election. However, cybercriminals are also leveraging the COVID-19 pandemic and remote work to wreak havoc on organizations.

Attacks on education – including colleges – include the theft of personal information and medical records, as well as health care research.

Unprepared for Attacks

Fleming Shi is chief technology officer for Barracuda. The most surprising finding is the significant increase in ransom payments, he said. Many ransomware victims have not prepared enough, so they end up paying the ransom.

Cybercriminals will always find the most vulnerable sectors to target, he said.

Barracuda’s Fleming Shi

“With the increased focus on extortion of the breached data, they will likely shift to the sectors where personal data and critical operational data live,” Shi said. “For example, during a pandemic, they go after health care and higher education where health research is essential. The level of urgency in getting the data back dictates the willingness to pay. Municipalities have a lot of important data on citizens and local operations, which unavoidably becomes a significant target.”

Cybercriminals are also targeting the logistics sector. That impacts shipments of merchandise, including medical equipment.

Cybercriminals use malicious software, delivered as an email attachment or link, to infect the network and lock email, data and other critical files until a ransom is paid. These attacks can cripple day-to-day operations and cause chaos. They can also result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.

“I believe most of the organizations are aware of the danger posed by ransomware, but lacking resources and tools to fight against these attacks,” Shi said. “Successful attacks could start to decrease, but the impact and cost to recover will be higher for each attack.”

Pay Up

Of the cases Barracuda studied, one in seven(14%) victims paid the ransom. The average payment was over $1.6 million. Garmin reportedly paid a $10 million ransom.

Municipalities are also paying ransoms. Fifteen percent of the cities Barracuda studied made payments ranging from $45,000-$250,000. All had populations less than 50,000. And they deemed the cost and labor associated with manually recovering from the ransomware attacks too high.

Last year, hardly any of the municipalities attacked paid any ransom.

Increasing Leverage Against Victims

Cybercriminals are also demanding payment from victims to avoid publicly disclosing information that could cause public humiliation, legal issues and hefty fines. Many cybercriminals are now combining the use of ransomware and data breaches to double the leverage over their victims in this way.

Of the attacks studied, 41% were a combined ransomware attack and data breach.

“Aside from deploying more disaster recovery tools, MSSPs are looking to get more endpoint solutions out into the field to identify the trust level for every system interacting with the network infrastructure,” Shi said. “These solutions will also need to be battle-tested in the field as cybercriminals will find ways to be evasive and work around these sensors, threat hunting and alert systems.”

Also, MSSPs are building more security operations center (SOC) services to constantly monitor their customer’s environments, including endpoints, Shi said.

“This is an encouraging trend as these efforts will help close the skill gaps needed to defend and recover from cyberattacks,” he said.