Ransomware Attacks Up 288% This Year As FBI Issues Warning Before Labor Day

2021 has proven to be another record-breaking year for Ransomware attacks, which have increased 288% in the last year. To add to this, the FBI has released a joint statement with CISA, urging organizations not to let down their defenses against ransomware attacks during weekends or holidays, especially with regards to the upcoming Labor Day weekend.

The agencies said they “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021.”

Though both agencies did not disclose any information regarding potential ransomware attacks within upcoming holidays, they gave examples of recent attacks which occurred on such days – Colonial Pipeline, JBS, and Kaseya.

JBS, the world’s largest beef producer, shelled out $11 Million to the now-defunct REvil Ransomware gang after a Memorial Day hack.

Colonial Pipeline paid $4.4 Million to the Darkside Ransomware gang, in what was possibly the most storied Ransomware incident of the year. The attack occurred on Memorial Day.

On the fourth of July weekend, REvil Ransomware pulled off one of their largest – and final – attacks, striking dozens of Kaseya customers which affected 1500 businesses.

As shared by the two agencies:

• In May 2021, leading into Mother’s Day weekend, malicious cyber actors deployed DarkSide ransomware against the IT network of a U.S.-based critical infrastructure entity in the Energy Sector, resulting in a week-long suspension of operations. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand.
• In May 2021, over the Memorial Day weekend, a critical infrastructure entity in the Food and Agricultural Sector suffered a Sodinokibi/REvil ransomware attack affecting US and Australian meat production facilities, resulting in a complete production stoppage.
• In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked a U.S.-based critical infrastructure entity in the IT Sector and implementations of their remote monitoring and management tool, affecting hundreds of organizations—including multiple managed service providers and their customers.

Soaring Ransomware Attacks

Holidays are the least of worries when it comes to Ransomware attacks, which soared by 288% between the first and second quarters of 2021, according to new data from NCC Group.

Analyzing incidents dealt with by its own Research Intelligence and Fusion Team (RIFT) throughout 2021, the firm claimed nearly a quarter (22%) of data leaks in the second quarter came from the Conti group.

Avaddon Ransomware was the runner-up, at 17% of incidents.

Nearly half (49%) of victims were based in the US, which continues to be a hotspot for ransomware attacks. 7% were in France, and 4% in Germany.

Christo Butcher, lead for for threat intelligence at NCC Group, stated that no organization in any sector is safe from ransomware today.

“We’ve seen targets range from IT companies and suppliers to financial institutions and critical national infrastructure providers, with ransomware-as-a-service increasingly being sold by ransomware gangs in a subscription model,” he added.

“It’s therefore crucial for organizations to be proactive about their resilience. This should include proactive remediation of security issues, and operating a least-privilege model, which means that if a user’s account is compromised, the attacker will only be able to access and/or destroy a limited amount of information.”