The second quarter saw a whopping 55,240% increase in ransomware activity, with attacks becoming more common and more damaging.

That’s according to MSSP Nuspire‘s 2021 Q2 Quarterly Threat Landscape Report. Sourced from 90 billion traffic logs, it outlines new cybercriminal activity and tactics, techniques and procedures (TTPs). It also includes additional insight from its threat intelligence partner, Recorded Future.

Josh Smith is a security analyst at Nuspire. He said his company has never before seen such an increase in ransomware activity.

Nuspire’s Josh Smith

“Ransomware-based threat actors are attacking organizations for financial gain,” he said. “They infiltrate a network, steal data, encrypt the network, then extort their victims into paying on threat of releasing the information to the public. If the information contains personal information like Social Security numbers, addresses and other personally identifiable information (PII), it can be especially damaging to clients/users of the victim organization.”

No Industry Is Safe

The spike in ransomware activity began just a few weeks before the DarkSide ransomware group carried out the Colonial Pipeline ransomware attack. The reason for the increase is unknown and it may not be related to Colonial Pipeline. But one can speculate that the increase could be from the same campaign with Colonial Pipeline.

“Really no industry is safe as the threat actors will attack pretty much anyone they can,” Smith said. “Some ransomware groups have stated they will avoid certain sectors such as health care and government in what is assumed is a way to help keep governmental action from coming down on them. Some actors have specifically targeted health care due to the nature of their work and the urgency involved with getting those networks back online.”

Additional findings from Nuspire’s report include:

More Monitoring Needed

Organizations need to monitor their technology stacks for newly published vulnerabilities and patch as soon as possible, Smith said.

“Additionally, a lot of ransomware is initially deployed via phishing attachments, [so] ensuring users know how to recognize them [is important],” he said. “Using advanced endpoint protection that has heuristics and behavioral analysis goes beyond standard malware signatures and can identify ransomware activity and stop it. An MSSP can assist an organization by identifying threat actors targeting their industry vertical, and what tactics and techniques they most commonly use. Once identified, can MSSP can determine what gaps may exist within a cybersecurity plan at an organization and help remediate.”