Global endpoint security provider CrowdStrike recently released its much-anticipated annual Global Threat Report, which details the most significant cybersecurity events and trends of the past year. The report is compiled with details and information from the CrowdStrike Intelligence team, the Falcon OverWatch managed threat hunting team and the CrowdStrike Services team — which combine to help many of the world’s leading companies and organizations identify and mitigate threats and respond to cyberattacks.
While this year’s report covers an incredible amount of cybersecurity knowledge and data gleaned from threat activity that CrowdStrike analyzed over the course of the past year, one finding is of particular interest to the team here at the GovCybersecurityHub — ransomware attacks in 2019 were bigger than even the CrowdStrike team anticipated.
According to the report, “CrowdStrike Intelligence anticipated that big game hunting (BGH) — targeted, criminally motivated, enterprise-wide ransomware attacks — [would] continue at least at the 2018 pace.” What they found instead was a massive escalation in ransomware attacks and an even larger increase in the ransoms being demanded.
Ransomware attacks in the past year accounted for a large percentage of the overall number of cyberattacks. According to the report, “Of all eCrime threats, ransomware represented 26% of what was reported in 2019. The number climbs to 37% of threats when ransomware reports are combined with reports of banking trojan malware operated by BGH adversaries …” Few other eCrimes and threats accounted for nearly as large of a percentage of the whole.
Even more frightening was the organizations that these cyberattacks targeted. CrowdStrike found a marked increase in the number of attacks targeting state and local government agencies, hospitals and educational institutions.
The company identified a rash of government-focused ransomware attacks in Spring 2019 that impacted state and local government agencies and schools. The attacks on education institutions intensified again in September of 2019 — just as students were heading back to school.
The targeting of these education institutions isn’t a complete surprise. As we previously heard from Matt LeMiere, Regional Sales Director for SLED West at CrowdStrike, “They’re considered a softer or easier target.” This perception is based on the fact that “many of the K-12 schools and districts don’t have full-time staff that are responsible for cybersecurity and are dedicated to protecting them.”
Healthcare organizations are very much in the same boat. According to Dennis Egan, Director of Healthcare East at CrowdStrike:
“Healthcare is a target that is perceived by adversaries to be low-hanging fruit … if you consider the value of medical records in nearly every type of fraud, the propensity for healthcare institutions to pay the ransom and the underinvestment in IT and security overall within this community, you can see why bad actors have formulated this opinion and why the attacks are on the rise.”
But that’s bad news for governments, educators and healthcare practitioners — as we alluded to earlier, the cost of these ransomware attacks is rising. A ransom request of $12.5 million was reported in 2019. And while that was the highest on record, it illustrates a trend — eCriminals are getting greedy.
Ultimately, this year’s CrowdStrike Global Threat Report shows that ransomware attacks are taking center stage among eCriminals. Why? Because they’re profitable.
Organizations have proven willing to pay ransoms, and malicious actors are responding by pushing the envelope to see just how much victims’ data and systems are worth to them. And with the emergence and growth of ransomware as a service (RaaS), the number of attacks will only rise as more malicious actors get in on the action. This should be especially troubling in the public sector, where funds are already limited and security often takes a backseat.
