Ransomware attacks targeting global businesses have increased by 64%, year over year, according to data contained in new Threat Spotlight research from Barracuda Networks, a trusted partner and provider of cloud-enabled security solutions.
Barracuda researchers identified 121 incidents of ransomware over the last 12 months, from August 2020 to July 2021, and examined the attack patterns and trends that have emerged in the last year.
The data revealed that corporations were targeted by the majority of ransomware attacks between August 2020 and July 2021 – 40% this year, compared to just 14% in the year prior.
Furthermore, education had been the target of 13% of ransomware attacks, a slight decrease from the 15% recorded in 2020, and healthcare was the target of 13% of attacks, which is lower than the 22% recorded in 2020.
Interestingly, local government bodies, such as councils, which were targeted by a whopping 45% of ransomware attacks in 2020, made up just 16% of ransomware attacks this year. Infrastructure (11%), finance (3%) and travel (4%) were the sectors targeted by the remaining ransomware attacks observed by the Threat Spotlight.
When looking at the geography of ransomware attacks, the analysis revealed that US organisations were most afflicted by ransomware, making up 44%, followed by EMEA at 30%, Asia Pacific countries made up 11%, 10% were in South America, and 8% were in Canada and Mexico.
Barracuda researchers also observed that ransom demands are also increasing, and now the average ransom ask per incident is over $10m or equivalent. In fact, only 18% of ransomware attacks asked for less than $10m, and 30% asked for more than $30m.
The threat spotlight concluded that this trend in higher demands is likely related to the increasing adoption of cryptocurrency, which provides attackers with an almost untraceable method for getting paid.
Fleming Shi, CTO at Barracuda Networks said: “All organisations, regardless of the size or sector they operate in, are at risk of the increasingly popular ransomware threat, and without the correct procedures in place said organisations are leaving themselves vulnerable to severe personal data and monetary losses.
“The first line of defence against ransomware should start with the staff – ensuring they are trained and made aware of ransomware threats, which often arrive in the form of email-based attacks, is imperative to preventing these cyber scammers from gaining a foothold to begin with.
“However, there will always be the chance that a sophisticated ransomware attack is successful, regardless of the preventative measures that are already in place. This is why it is most important that organisations equip themselves with a secure, third-party data backup solution, that can identify critical data assets and implement disaster and recovery capabilities, so that a victim isn’t pressured into paying the ransom to retrieve vital information.”