After a chaotic and surreal couple of years, 2022 is already stretching our collective limit. The system is once again buckling under the weight of the pandemic, businesses are pivoting (or shuttering) in response to new challenges, political turmoil continues around the world — and ransomware is now a national security threat.
Organized cyber gangs continue to ruthlessly attack enterprise organizations, from government and financial institutions to critical infrastructures such as transportation and hospitals. Ransomware-focused threat actors like FIN12 are using the healthcare industry for target practice — taking advantage of known vulnerabilities — and becoming more efficient and nimble with their methods by the day. And ransom demands are soaring to record levels.
2021 was the "Year of Ransomware," and the projections for 2022 are even more harrowing. Cybersecurity pundits will have to get creative when they name 2022: We expect the declaration of the "Year of Ransomware" to become as redundant as the "Year of Cybersecurity."
A report by Cybersecurity Ventures estimates that an organization will be attacked by ransomware every 11 seconds.
And that’s only the publicly reported earnings. Consider that an estimated 75% of ransomware attacks go unreported and you’ll begin to grasp how lucrative “ransomware as a service” (RaaS) has become.
Annual damages from ransomware are projected to rise 1225% by 2031, up to $265 billion per year.
The previous record occurred just four months prior at $50 million.
And that number will only increase, especially with the growing prevalence of double extortion.
Considering what's at stake for a healthcare facility — lifesaving machinery, confidential patient information, and lives (people died from malware in 2021) — it's no surprise that the ransom payouts are higher in healthcare than other industries. Regardless of payout, victims' data was leaked in at least 72% of the incidents (an additional 15% didn't know if data was compromised).
The average cost of a ransomware attack is $1.85 million when you consider factors like downtime, lost business, and damaged reputation in addition to the ransom paid.
Almost half (42%) of companies with 1,001-5,000 employees were hit by ransomware in 2021 — compared to 33% of smaller companies.
It might seem easier to quietly pay off cybercriminals rather than deal with an embarrassing public fallout and sky-high fines — but it’s a spectacularly bad idea. Instead, follow protocol and alert the authorities immediately.
42% of local governmental organizations, 35% of organizations in the education sector, and 34% of healthcare organizations also reported meeting the ransom demands.
It’s just one of many reasons why the FBI advises against paying ransoms.
Change and adapt to the new cybersecurity landscape, because things will only get more challenging as cybercriminals hone their skills and tactics. Regularly back up your data; in today's cyber minefield, that is the baseline expectation. Educate yourself and your employees about the latest threats, and review your defenses against escalating attacks. Don't settle for anything less than the utmost vigilance and cutting-edge cybersecurity protocols.