The top two targets for ransomware attacks are the __________.

These days everyone can be the target of a ransomware attack if they hold attractive and essential data. It also depends on how quickly you respond to a ransom demand, how vulnerable your security is, and how vigorously you keep employees trained about phishing emails, etc.

Some firms are more vulnerable to cyberattacks because of the weak technologies they use, the age of their employees, the cost of replacement, identity governance, and the overall cybersecurity system regulated by the government.

Various institutions and departments are always vulnerable to cyberattacks, and given below are the top five targets for ransomware attacks.

Education

In the last few years, educational institutions like colleges and universities have been the top ransomware targets. The reason behind most of the successful attacks is that educational organizations have smaller IT teams, deal with budgetary constraints, and have a high rate of network file sharing.

Because an educational organization holds the social security numbers, medical records, intellectual property, research, and financial data of faculty, staff, and students, cybercriminals are more interested in targeting educational institutions.

Government

Government agencies are another top target for ransomware attacks. Government agencies such as police protection are more vulnerable to ransomware attacks because their work is time-sensitive and crucial. These agencies need to respond quickly to emergencies and recover their data urgently, so they are more willing to pay the ransom amount.

Healthcare, energy/utilities, retail, finance

Healthcare firms are also vulnerable to ransomware attacks. Healthcare units and hospitals are ready to pay the ransom quickly because they need the data of patients who are in a critical stage of life.

Other sectors like utilities, retail, and finance are also top targets for ransomware attacks because they carry massive amounts of data, and recovering it is quite tricky; that is why they prefer to pay the ransom.

HR departments

The human resources department in every firm is also a top priority for ransomware attacks. The cybercriminal poses as a job applicant and sends an application that contains malware; when the HR professional opens the email or attachment from an unknown sender, the ransomware spreads into their system.

Mobile devices and Macs

Cybercriminals also target mobile devices and Macs with ransomware. They target not only PCs and Windows computers but also vast numbers of mobile files.

Over half of ransomware attacks are targeting one of three industries: banking, utilities and retail, according to analysis by cybersecurity researchers – but they've also warned that all industries are at risk from attacks.

The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened. 

According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.  

Utilities is a particularly enticing industry for ransomware gangs to target because the nature of the industry means it provides vital services to people and businesses, and if those services can't be accessed, it has an impact – as demonstrated by the ransomware attack against Colonial Pipeline, which led to gas shortages in the north eastern United States. The incident saw Colonial paying a ransom of millions to cyber criminals in order to receive the decryption key.  

Ransomware attacks against retailers can also have a significant impact, forcing shops to be restricted to taking cash payments, or even forcing them to close altogether while the issue is resolved, preventing people from buying everyday items they need. 

Other sectors that were significant targets for ransomware include education, government and industrial services, serving as a warning that no matter which sector they operate in, all organisations could be a potential target for ransomware.  

"Despite the financial, utilities and retail sectors accounting for nearly 60% of all ransomware detections, no business or industry is safe from attack, and these findings should act as a reminder of this," said Fabien Rech, VP EMEA for Trellix.   

"As cyber criminals adapt their methods to target the most sensitive data and services, organisations must shore up their defences to mitigate further threats." 

While several high-profile ransomware groups of 2021 seem to have disappeared or gone dark, particularly following arrests, new gangs and malware strains are emerging all the time and ransomware remains a key cybersecurity threat to organisations around the world. 

In order to help protect networks against ransomware and other cyberattacks, it's recommended that organisations regularly apply the required security updates to operating systems, applications and software, which can prevent hackers from exploiting known vulnerabilities to launch attacks. 

It's also recommended that organisations apply multi-factor authentication across all accounts and that security teams attempt to scan for credential-stealing attacks and other potential suspicious activity in order to prevent attacks before they happen.

Someone in your company gets an email. It looks legitimate — but with one click on a link, or one download of an attachment, everyone is locked out of your network. How do you identify ransomware and what should you do to protect your business?


In the summer of 2019, a public community college in the state of Washington suffered a catastrophic ransomware attack. "They lost every server. Everything -- email, coursework, lectures -- everything was gone," said Steve Garcia, information security officer at Wenatchee Valley College (WVC) in Wenatchee, Wash., which is part of the same educational system as the targeted school. "It was pretty devastating."

The breach occurred when an IT employee logged in to a server from a home computer to perform routine weekend maintenance and then checked email, accidentally clicking on a phishing link that initiated the attack, according to Garcia. The malware infected and then encrypted the backup server, requiring the college to rebuild its entire IT environment from scratch. The rebuilding process took months and caused student enrollment to plummet. "It was an eye-opener. You read about it, you hear about it, but it's typically a private sector company, far away. It's different when it hits that close," he said.

That school isn't alone. According to a 2021 survey of 5,400 IT decision-makers by cybersecurity vendor Sophos, one in three organizations had suffered a ransomware incident over the previous 12 months. The education and retail sectors took the hardest hits, with 44% of those organizations fielding attacks. But experts cautioned that, while some organizations might be at slightly higher risk of becoming ransomware targets than others, no single industry shoulders all, or even most, of the risk. To that point, the top 10 most targeted industries' incident rates all hovered within seven percentage points of the 37% cross-sector average. The takeaway: No organization is safe.

Forrester analyst Steve Turner said his own research suggested a relatively even distribution of ransom attacks across verticals. However, ransomware incidents in certain industries, such as critical infrastructure and healthcare, tend to result in the most headlines.

Turner pointed to the recent attack on Ireland's national healthcare system as an example. "That got media coverage because of the scale of the attack," he said. "That's the stuff that folks want to hear about and that kind of strikes the fear of God in them."

On the other hand, incidents involving lower-profile targets, such as local governments and small businesses, typically attract less attention, leading to the misperception that they are less attractive ransomware targets. Unfortunately, that's far from the case.

"Whether a 500-person company or a 50,000-person company, everybody's a target," said Chris Silva, analyst at Gartner. Why? Ransomware gangs are businesses. "What attackers really seem to be looking at is where they can expect the maximum financial impact," he explained. That might mean a single, massive attack on a natural gas pipeline or many attacks spread across dozens of small businesses.

Bearing all of that in mind, what follows are the 10 top -- but by no means the only -- ransomware targets, based on the Sophos survey and other data.

1. Education

The education sector has become one of the top ransomware targets in recent years. In 2021 alone, 88 attacks disrupted operations across more than 1,000 schools, colleges and universities, according to 2022 research from antimalware vendor Emsisoft.

In one such incident, New York's Buffalo Public Schools system was forced to halt in-person and virtual learning for 34,000 students for a week in March 2021. On the higher education front, Howard University had to cancel two days of classes after discovering a ransomware attack over the 2021 Labor Day weekend.

Emsisoft reported that in at least half of the education sector's 2021 ransomware incidents, hackers stole sensitive employee and student data, some of which they released online.

2. Retail

Along with educational organizations, almost half of all retail companies were ransomware targets in 2020, according to Sophos' survey results. And, of those retail organizations that had not been hit in the past year, 34% said they expect to suffer an attack in the future.

In April 2021, Computer Weekly learned that British retailer FatFace paid the Conti ransomware gang a $2 million ransom following a successful phishing campaign. Then, in July, an unprecedented supply chain attack on software provider Kaseya ultimately infected as many as 1,500 businesses. Among them was Swedish grocery store chain Coop, which had to close the majority of its 800 stores for three days to deal with the attack. The retailer said the malware prevented many of its cash registers from working.

Figure: The education and retail sectors reported the highest attack rates between January 2020 and February 2021

3. Business, professional and legal services

Companies in the business, professional and legal services sector, which includes accounting, advertising, consulting, engineering, marketing and law firms, can make attractive ransomware targets. Many in this sector are in possession of highly sensitive data and may have the financial resources to pay large ransomware demands. Small shops are also more likely to have outdated or lackluster cybersecurity strategies, making it relatively easy for criminals to gain access to their networks.

In February 2021, major law firm Campbell Conroy & O'Neil said ransomware operators had accessed and encrypted files that included sensitive personal information, such as Social Security numbers and financial data. The high-profile trial attorneys have represented numerous Fortune 500 companies, including Boeing, Chrysler, FedEx, Home Depot, Johnson & Johnson, Liberty Mutual and Marriott International.

Fortunately, other recent incidents in this sector, such as an attack in April 2021 on engineering firm Dennis Group and another in August 2021 on IT consulting firm Accenture, resulted in minimal fallout. Both organizations were able to fully restore their systems without engaging the hackers.

4. Central government

Sophos' global survey of 117 IT decision-makers from central government organizations found 40% of them had suffered a ransomware attack in the preceding 12 months. As previously mentioned, Ireland's national health service fell victim to a ransomware attack in May 2021 that forced the government to shut down all hospital IT systems, seriously disrupting patient care. Two years earlier, an attack shut down a U.S. Coast Guard facility for almost three days.

5. IT

Unit 42, Palo Alto's threat research and consulting group, reported a 65% increase in ransomware incident response cases in the IT sector between 2019 and 2020. The researchers attributed this, in part, to the abrupt migration to remote work, with ransomware operators using pandemic-themed phishing content to prey on victims at an unusually vulnerable time.

In early 2021, ransomware gang REvil compromised Taiwan-based PC manufacturer Acer's network and made one of the largest ransom demands on record: $50 million. It's unknown if the company paid the ransom. Other recent ransomware targets in the IT sector have included Apple laptop manufacturer Quanta Computer, vehicle inspection technology provider Applus Technologies, backup storage vendor ExaGrid and software provider Kaseya.

Figure: Today's ransom demands, such as this one from REvil, often threaten to exfiltrate and expose stolen data if victims don't pay.

6. Manufacturing

Threat researchers at Unit 42 also found that, in 2020, ransomware operators published stolen information from 45 manufacturing companies -- the most of any sector -- on leak sites, where criminals post data from victims who don't meet ransom deadlines. Sophos' survey suggested 36% of manufacturers fielded attacks that same year.

In May 2021, a REvil ransomware attack brought operations to a halt at beef manufacturer JBS USA, one of the United States' largest meat suppliers. Although the company said it was back up and running within four days thanks to its backup servers, JBS USA later confirmed paying $11 million to the hackers to prevent data exfiltration and leaks.

Sophos found in its 2021 survey that manufacturing and production companies are the best prepared to restore data from backups and, perhaps consequently, the least likely to pay ransoms.

7. Energy and utilities infrastructure

Organizations from the oil, gas and utilities sector conversely are the most likely to pay ransomware demands, Sophos found, a reality likely well known to cybercriminals. "They are quite good at understanding where critical infrastructure pieces exist, how they can hit them and how they can use that to really put the heat on their victims," Gartner's Silva said.

Perhaps the most infamous ransomware attack to date was discovered in May 2021. After reportedly infiltrating the Colonial Pipeline Co. via a legacy VPN account, the DarkSide gang shut down operations and disrupted the U.S. East Coast's fuel supply for days. Although the ransomware operators successfully collected $4.4 million, the Department of Justice said it later recovered half of that payment using a private key.

8. Healthcare

Medical centers' high-stakes work and widespread security vulnerabilities make them "a favorite target" of cybercriminals, according to the Ransomware Task Force, a group of tech executives that makes recommendations to the White House. Some gangs seem to have seen the COVID-19 pandemic, in particular, as a business opportunity, with hospitals more likely to bow to ransom demands while grappling with an unprecedented and deadly health crisis.

Ransomware attacks affected more than 1,200 American healthcare facilities in 2021, according to the Emsisoft report. The federal Health Sector Cybersecurity Coordination Center, part of the Department of Health and Human Services, counted 82 separate ransomware incidents in the global healthcare sector in the first five months of the year alone. (Note: A single incident can impact numerous hospitals and clinics.)

A recent ransomware attack on a hospital in Düsseldorf, Germany, forced healthcare workers to send a patient with a life-threatening condition to another hospital 20 miles away. The patient later died, with German prosecutors saying it might have been the first ransomware-related fatality. Investigators opened a negligent homicide case but abandoned it when they couldn't prove the breach directly caused the woman's death.

9. Local government

In slightly better news, Emsisoft also found that ransomware struck at least 77 local governments and agencies in the U.S. in 2021. While still considerable, that number is down from the previous two years, which each saw 113 such attacks. In fact, a report from colocation, cloud and disaster recovery services provider Sungard Availability Services found that just 11 states were not affected by a ransomware attack targeting a municipality in 2019 and 2020. In Texas alone, local governments experienced 39 attacks during that period.

In 2021, ransomware gangs seem to have shifted their attention from major cities such as Atlanta to smaller towns and counties, according to the Emsisoft researchers. They theorized this may be because larger local governments have improved security measures and are less vulnerable to attacks.

Alarmingly, however, nearly one in four local government organizations admitted to having no malware recovery plan in place in the 2021 Sophos survey. This sector is also the most likely to see data encrypted in an attack and the second most likely to pay ransom demands.

10. Financial services

Ransomware's impact on the financial services sector has the potential to be widespread and catastrophic. New York's Department of Financial Services recently warned that a major ransomware attack could cause "the next great financial crisis" by crippling key organizations and causing a loss of consumer confidence.

Unfortunately, attacks in this sector appear to be skyrocketing. Financial institutions reported 635 incidents of ransomware-related activity to the Treasury Department in the first half of 2021 alone -- 30% more than in all of 2020. Payments were also up, with incidents in that six-month period totaling $590 million, 42% higher than in all of the previous year.

In March 2021, ransomware operators hit CNA Financial, one of the largest commercial insurers in the U.S. Bloomberg reported that CNA paid a $40 million ransom demand, although the firm has not confirmed that figure. Network operations required almost two months to be fully restored.

Everyone is a potential ransomware target

While research suggested organizations across these 10 industries are among the top ransomware targets, experts emphasized that no organization -- regardless of size or sector -- is immune. That reality and memories of the attack on his nearby peer institution keep WVC's Garcia up at night.

The information security officer said that, after learning of the ransomware incident at WVC's sister college, he immediately dropped everything he was working on to assess his own organization's network infrastructure and cybersecurity posture. Garcia reviewed server access, application activity, data classification and retention policies, endpoint security and more. His team also deployed a new air-gapped backup system using technology from Veeam and ExaGrid, going over every account setting with a fine-toothed comb. "If our entire infrastructure is compromised, I want to know my backup data is going to be secure," he said.

His counterparts at other schools in the Washington community college system went through similar exercises after the attack, Garcia added, describing a sudden "flurry of awareness" in the region. He and other college security leaders even held a series of emergency meetings to share knowledge, brainstorm and engage in ransomware tabletop exercises.

Garcia said his goal is not to dodge a ransomware attack altogether, which experts and statistics suggest is next to impossible. Rather, it's to survive it. "Maybe we lose half our servers and some specific subnets, and we're restoring from backup," he said. "But at least it's a survivable scenario, versus having everything gone, like what happened to that other community college."