Already a Record-Breaking Year for Ransomware, 2021 May Just Be Warming Up

We live in a nation preoccupied with the setting of new records. But while many records are newsworthy, not all of this news is good news. Two examples that have recently made headlines: the mid-June heatwave that has shattered temperature records all over the American West, and the unprecedented wave of ransomware attacks currently torching networks … well, just about everywhere.

“Through May, SonicWall recorded 226.3 million ransomware attacks, a 116% year-to-date increase over 2020, indicating cybercriminals’ rapidly evolving and highly profitable attack tactics,” said SonicWall President and CEO Bill Conner. “In fact, May 2021 was victim to the highest number of ransomware attacks we have ever recorded.”

Increases in ransomware attacks were recorded even in countries that had already been struggling with comparatively large amounts of ransomware, such as the U.S. and the U.K., which saw ransomware attacks spike 149% and 69%, respectively.

Since the beginning of the year, it seems that 2020’s perfect storm for cybercrime in general, and ransomware in particular, has only grown in intensity. On the heels of its late 2020 performance, itself record-breaking, Bitcoin continued thundering on into 2021, reaching a new high in each of the first four months of this year.

Around the world, fortunes were being made on cryptocurrency. And ransomware, its barriers to entry lower than ever due to readily available hacking tools and platforms such as Discord, attracted an increasing number of cybercriminals looking for a quick, easy way to obtain the bitcoin that could make their fortunes.

Unfortunately, in this storm, victims are finding that lightning strikes the same place twice with frightening regularity. Companies eager to move past increasingly sophisticated and debilitating ransomware attacks, and often sheltered by high-dollar ransomware insurance policies, too often pay the ransom — only to be targeted again shortly after.

According to ZDNet, roughly eight in 10 organizations that paid ransom demands were subsequently attacked again, with nearly half of these victims saying they believe the second attack was perpetrated by the same criminals as the first.

And these criminals are continuing their shift toward soft targets, including hospitals, utilities, schools and government agencies. In early March, Broward County School District in Fort Lauderdale, Fla., set its own record when it received a $40 million ransom demand — the highest ever for an educational institution.

And in May, the Colonial Pipeline ransomware attack brought one of the nation’s largest fuel transportation networks to a standstill for nearly a week, leading to fuel shortages and panic buying.

“The bombardment of ransomware attacks is forcing organizations into a constant state of defense rather than an offensive stance,” Conner said. “And as the tidal wave of ransomware attacks continues to crush company after company, there is a lot of speculation on how to keep individual organizations safe, but no real consensus on how to move forward when it comes to combating ransomware as a whole.

“Law enforcement agencies and political figures continue to voice opinions that constantly contradict each other on how best to fight adversaries that know no boundaries, do not adhere to international laws and are far from the charitable operators they claim to be,” Conner said. “The volume of targeted attacks on government organizations and enterprises that impact civilians, countries and the global economy will not end without a change in approach.”

But many countries — particularly those that have been hardest hit by ransomware, such as the U.S. and the U.K. — are mobilizing to fight back. With ransomware attacks now elevated to a matter of national security, increased funding for fighting cybercrime and penalties at the national level for countries that harbor ransomware groups could finally begin to turn the tide.

To find out which areas have been most impacted by 2021’s record ransomware — and whether the current flood of ransomware will rise to set new records in June and beyond — stay tuned for the mid-year update to the 2021 SonicWall Cyber Threat Report, coming in July 2021.


Cybersecurity News & Trends

This week SonicWall announced that it had recorded a staggering 116% increase in ransomware attacks during the first 5 months of 2021 over the same period last year — with May notching more ransomware attacks than any other single month on record.

SonicWall in the News

Ransomware Attack Roiled Meat Giant JBS, Then Spilled Over to Farmers and Restaurants — The Wall Street Journal

  • During a recent supply chain attack, plants were closed, the prices of beef and pork climbed, and farmers sought new buyers for their livestock.

Mastercard Foundation gives $1.3 billion to boost vaccinations in Africa — PBS Newshour

  • The 2021 SonicWall Cyber Threat Report data was referenced in the PBS Newshour segment regarding the Mastercard Foundation’s donation to fund vaccinations in Africa.

World leaders target cyber threats — The Financial Times

  • The clean energy company Invenergy said it had been hacked but did not intend to pay any ransom after Russia-linked hacking group REvil threatened to leak embarrassing details about its billionaire chief executive.

Ransomware Gangs Say This Makes You a Target — SDx Central

  • Maor pointed to an RSA Conference session titled “Two Weeks With a Russian Ransomware Cell” by SonicWall Senior Product Strategist Brook Chelmo, in which Russian attackers gave Chelmo tips on how to avoid being attacked.

Why Is Ransomware on the Rise? — The Markup

  • “During the first five months of this year, the company tracked a 116 percent increase in ransomware attempts compared to the same period in 2020, and the 62.3 million attacks it detected this May were the most it has ever recorded in a single month,” said Dmitriy Ayrapetov, vice president of platform architecture for SonicWall.

Industry News

Digital ad industry accused of huge data breach — The BBC

  • The Irish Council for Civil Liberties is suing a branch of the Interactive Advertising Bureau (IAB) and others over what it describes as “the world’s largest data breach.”

Ukraine arrests Clop ransomware gang members, seizes servers — Bleeping Computer

  • Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019.

‘That horse has left the barn’: Secret Service official says ransom payments have fueled hacking sprees — Cyberscoop

  • “We’re in this boat we’re in now because over the last several years, people have paid the ransom,” Stephen Nix, assistant to the Special Agent in Charge at the U.S. Secret Service, said.

Most firms face second ransomware attack after paying off first — ZDNet

  • Some 80% of businesses that choose to pay to regain access to their encrypted systems experience a subsequent ransomware attack, and 46% of those believe the second attack was instigated by the same attackers.

VPN Attacks Surged in First Quarter — Dark Reading 

  • Attacks against virtual private network products surged dramatically in the first quarter of 2021 as threat actors tried to take advantage of previously disclosed vulnerabilities that organizations had not patched.

Audi, Volkswagen data breach affects 3.3 million customers — Bleeping Computer

  • Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the internet.

Burgeoning ransomware gang Avaddon appears to shut down, mysteriously — Cyberscoop

  • The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool.

McDonald’s Hit by Data Breach — The Wall Street Journal 

  • The hack exposed some U.S. business information and customer data in South Korea and Taiwan, the company said.

Network security firm COO charged with medical center cyberattack — Bleeping Computer

  • The former chief operating officer of Securolytics, a network security company providing services for the health care industry, was charged with allegedly conducting a cyberattack.

EA source code stolen by hacker claiming to sell it online — Ars Technica

  • Game maker Electronic Arts is responding to the theft of gigabytes of private data by hackers who breached its internet-connected networks.

Justice Department, international law enforcement disrupt major marketplace for cybercriminals — Cyberscoop

  • DOJ worked with international law enforcement to take down an online marketplace, Slilpp, offering stolen login credentials.

A Mystery Malware Stole 26 Million Passwords From Windows PCs — Wired

  • The credentials were part of a trove containing 1.2 terabytes of sensitive data extracted between 2018 and 2020.

In Case You Missed It

Introducing the Updated SonicWall Network Security Administrator (SNSA) for SonicOS 7 Course — Jerry Avila
SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo

Cybersecurity News & Trends

This week governments in the U.S. and U.K. geared up to fight back against the growing threat of ransomware.

SonicWall in the News

NCSC updates schools ransomware guidance amid surge — Computer Weekly

  • The National Cyber Security Centre says it is dealing with a renewed surge of ransomware attacks targeting schools, colleges and universities.

Orange Business Services taps Ericsson for enterprise IoT security — Computer Weekly

  • According to the 2021 SonicWall Cyber Threat Report, malware attacks on IoT devices in 2020 jumped by 66% compared with 2019.

SonicWall Sheds Light On Ransomware Attacks As NCSC Announces Continued Rise — Information Security Buzz

  • Last week, NCSC announced it is investigating another increase in ransomware attacks against educational institutions in the UK.

Three Best Practices to Neutralize Ransomware Attacks — Dataversity

  • Since 2019, ransomware attacks have soared by 158% in North America and by 62% globally, according to the 2021 SonicWall Cyber Threat Report — which also stated that cybercriminals are using more sophisticated tactics to try to shut down companies in exchange for a data “ransom.”

Ransomware attacks on the UK education sector — Professional Security

  • “Ransomware attackers have identified universities’ vulnerabilities as providing something valuable as well as information that is readily exportable,” Terry Greer-King, VP EMEA of SonicWall, said. “Hackers can not only disable networks, but they can also thoroughly infiltrate the systems and … access an organization’s records, bypassing security altogether.”

Are you certain you are on the right side of defending against tomorrow’s APTs? — Everything Industrial

  • Ashley Lawrence, SonicWall Regional Sales Senior Manager for Sub-Saharan Africa, is featured for his views on Advanced Persistent Threats and how SonicWall’s RTDMI and Capture ATP can help protect businesses.

Industry News

Security researcher says attacks on Russian government have Chinese fingerprints – and typos, too — The Register

  • An advanced persistent threat that Russia found inside government systems seems to have come from a Chinese entity rather than a western group, security researchers say.

U.S. Senate passes sweeping bill to address China tech threat — Reuters

  • The U.S. Senate voted 68-32 to approve a sweeping package of legislation intended to boost the country’s ability to compete with Chinese technology.

Hacker Known as Max Is 55-Year-Old Woman From Russia, U.S. Says — Bloomberg

  • Witte appeared before a U.S. magistrate judge on June 4 for her arraignment, where she waived her rights to a detention hearing.

LinkedIn asks Supreme Court to review whether data scraping is prohibited hacking — The Washington Times

  • Social networking platform LinkedIn asked the Supreme Court to review whether the “scraping” of data from its website equates to illegal hacking under federal law.

JBS Hackers Took Data From Australia and Brazil, Researcher Says — Bloomberg

  • Security Scorecard found evidence that hackers took data from a JBS location in Brazil in April and May. The attackers began taking large amounts of data from the company’s network in March and continued until the hack was discovered late last month.

What Hackers Can Learn About You From Your Social-Media Profile — The Wall Street Journal

  • That post you ‘liked’ on Facebook? Your alma mater on LinkedIn? They are all clues that can make you — and your company — vulnerable.

Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked — Wired 

  • LineStar Integrity Services was hacked around the same time as Colonial Pipeline, and now radical transparency activists have brought the attack to light.

CISA Announces Vulnerability Disclosure Policy Platform — Security Week

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.

Ransomware attack hits House members’ web tool to communicate with voters — The Washington Times

  • Cybercriminals have attacked a web tool that members of the House of Representatives use to communicate with voters.

Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive. — Cyberscoop

  • A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality.

First Known Malware Surfaces Targeting Windows Containers — Dark Reading 

  • Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.

Ransomware warning: There’s been another spike in attacks on schools and universities — ZDNet

  • NCSC alert says there’s been a rise in ransomware attacks targeting the education sector at a critical time in the academic calendar.

The cost of ransomware attacks worldwide will go beyond $265 billion in the next decade — ZDNet

  • Current estimates suggest that ransomware will cost us approximately $20 billion this year, a 57x jump from 2015.

U.S. officials up pressure on firms, foreign adversaries over cyberattacks — The Wall Street Journal

  • President Joe Biden is reportedly considering all options, including a military response, to counter the growing threat.

In Case You Missed It

Introducing the Updated SonicWall Network Security Administrator (SNSA) for SonicOS 7 Course

With plenty of customers now running SonicOS 7.0, SonicWall Global Enablement has updated the SonicWall Network Security Administrator (SNSA) course to show you how to take advantage of SonicWall’s most advanced security operating system yet.

The SNSA training curriculum is designed to teach students specific SonicWall network security technology. The course will provide students with the skills to successfully implement and configure SonicWall firewall appliances and security services.

Improvements included with the updated SNSA course:

  • Two days of instructor-led classroom training: 80% hands-on labs and 20% lecture
  • Four hours of online learning modules (recommended to be completed prior to the classroom portion)
  • Instruction and materials based on the recently released SonicOS 7 firmware

SonicWall Security Certification Courses

SonicWall offers other training and certification courses to support the needs of our partners, customers and employees. These include:

SonicWall Network Security Professional (SNSP) Course

Available to students who have achieved the SNSA certification, the SNSP course is designed to further enhance an individual’s network security technical skills.

In this two-day, instructor-led course, students will learn how to monitor, investigate, analyze and configure SonicWall NGFWs running SonicOS — as well as how to enable advanced functionality related to secure and remote connectivity, network optimization, and threat prevention.

Upon successfully completing the SNSP program, the students will be able to demonstrate SonicWall product expertise and the application skillsets required to mount a proactive, effective defense against current and evolving network and cybersecurity threats.

Successful completion of the SNSP curriculum qualifies the student to take the SNSP Certification Exam.

SonicWall Secure Mobile Access Administrator (SMAA) Course

The Secure Mobile Access Administrator (SMAA) eLearning training curriculum is designed around specific SonicWall SMA 1000 series appliances. Students will learn to provide secure, anywhere access to applications and resources for employees, business partners and other users.

Once the Secure Mobile Access Administrator eLearning course has been completed, students are eligible to take the Secure Mobile Access Administrator exam.

Cybersecurity News & Trends

This week Cozy Bear meddled in politics, REvil disrupted the global meat supply and schools fortified their defenses.

SonicWall in the News

Radio Interview with SonicWall President and CEO Bill Conner — KRLD 
SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide — and what’s to be done.

SonicWall, The Conference of Italian University Rectors to Collaborate on Cybersecurity Training, Research and Digital Innovation — FE News
SonicWall today announced its partnership with the Conference of Italian University Rectors (CRUI) to promote and enable mutual collaboration in research, development, transformation and digital innovation activities.

Industry News

Meat giant JBS now fully operational after ransomware attack — Bleeping Computer
JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operating at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Why One Hack on One Firm Can Shake Global Meat Supply — Bloomberg
In the last three years, a fire, a pandemic and now a cyberattack have disrupted the U.S. meat industry. Here’s how one hack impacts the global economy.

U.S. schools land IBM grants to protect themselves against ransomware — ZDNet
All U.S. K-12 public school districts were eligible to apply for the grants, designed to help school officials “proactively prepare for and respond to cyberattacks.”

U.S. seizes two domains used in cyberattacks that mimicked USAID communications — Reuters
The U.S. Justice Department said it had seized two Internet domains used in spear-phishing attacks mimicking email communications from the U.S. Agency for International Development.

Cyber-Insurance Fuels Ransomware Payment Surge — Threat Post 
Companies relying on their cyber-insurance policies to pay off ransomware groups are being blamed for a recent uptick in ransomware attacks.

New breach from hackers behind SolarWinds ‘mostly unsuccessful,’ Microsoft says — The Washington Times 
Microsoft said the latest hack was largely unsuccessful, meaning Microsoft has not discovered a significant number of compromised organizations.

Swedish Health Agency shuts down SmiNet after hacking attempts — ZDNet
The Swedish Public Health Agency shut down SmiNet, the country’s infectious diseases database, after it was targeted in several hacking attempts.

Kenyan Arrested in Qatar First Targeted By Phishing Attack — Bloomberg
A Kenyan security guard writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say.

New Russian hacks spark calls for tougher Biden actions — The Hill
Officials are calling for harsher measures against Russia following reports that SolarWinds hackers were continuing to launch cyberattacks against U.S. government agencies and other organizations.

Interpol intercepts $83 million fighting financial cybercrime — Bleeping Computer
The International Criminal Police Organisation has intercepted $83 million belonging to victims of online financial crime, preventing it from being transferred to the accounts of their attackers.

This Android trojan malware is using fake apps to infect smartphones, steal bank details — ZDNet
TeaBot malware tells victims they need to click a link because their phone is damaged with a virus — then infects them via the link.

Pulse Secure VPN hacking also hit transportation, telecom firms, FireEye says — Cyberscoop
The U.S. government has also been affected.

Hong Kong recorded phishing surge in 2020 as scum sought to cash in on viral worries — The Register 
Criminals tried to exploit Hong Kong residents’ COVID-related anxiety, according to new security data released yesterday.

UF Health Florida hospitals back to pen and paper after cyberattack — Bleeping Computer
UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Fujifilm confirms ransomware attack disrupted business operations — Bleeping Computer
Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery — Cyberscoop
The recent spearphishing campaign uses an election fraud document as a lure. The emails purport to be from the U.S. Agency for International Development, and have targeted government agencies, research institutions and nongovernmental organizations.

In Case You Missed It

SonicWall’s Bill Conner Talks Ransomware on the Radio — Lindsey Lockhart
Infiltrate, Adapt, Repeat: A Look at Tomorrow’s Malware Landscape — Brook Chelmo
Join us for the 2021 SonicWall Partner Virtual Roadshow — David Bankemper
Capture Client 3.6 Launch Brings Key Features — Brook Chelmo
Using Client VPN with Your Firewall for WFH: a Setup for Disaster? — Jean-Pier Talbot

SonicWall’s Bill Conner Talks Ransomware on the Radio

This week’s attack on Brazil-based JBS, the world’s largest meat producer, marks the third cyberattack on a major U.S. entity since January 2021. With ransomware attacks now impacting global economies and the daily lives of citizens, the cyberwar being waged has taken center stage.

In a recent interview with KRLD NewsRadio 1080 radio host Dave Johnson, SonicWall President and CEO Bill Conner discusses who is responsible for rising attacks on enterprises, governments and SMBs worldwide, and what’s to be done.

“We’re past the tipping point now in [the] arms race,” said Conner. “The new tools that the bad guys are using are the stuff we use as good guys. So, they’re now using the cloud to take terabytes of data and store it anywhere in the world.

“They’re using cloud applications to target [organizations], just like they did with SolarWinds, and now they’re taking advantage of Microsoft Windows and authentication. It is past an arms race at this point.”

Conner and Johnson go on to discuss what governments need to do to “go on the offensive collectively” to thwart sophisticated and increasingly targeted attacks. Through April 2021, SonicWall Capture Labs threat researchers recorded a 90% year-to-date increase in ransomware. In fact, April 2021 was the highest single month of ransomware ever recorded by SonicWall.

“[Attackers] are going after everything,” warned Conner. “The ones that you’re just reading about are the ones that they’re actually getting away with and getting through [systems] today. Tomorrow is another story.”

The two go on to discuss the cybersecurity industry’s pressing issues, such as disclosure, legislation and the worldwide phenomenon of ransomware attacks.



CEO Spotlight with David Johnson, KRLD NewsRadio 1080