413% Increase in Ransomware Attacks in Ireland, Warns Check Point Software

Following recent high profile ransomware attacks in Ireland, and the recent announcement by the Head of GCHQ that ransomware is now the biggest threat to security, Check Point Research (CPR) is revealing its latest findings in a fresh bid to warn Irish organisations to be more vigilant, as it believes the surge in ransomware attacks is yet to reach its pinnacle.

Check Point’s Country Manager for Ireland, Hugh McGauran says, “The ransomware business is booming. We’re seeing global surges in ransomware across every major geography, especially in the last two months, but it’s particularly alarming to see such an increase in Ireland. Alongside recent high profile attacks in our country, it has highlighted how much more work there needs to be done, particularly when it comes to preventing attacks from happening in the first place.

“We believe this surge in attacks is partly down to headlines around massive ransom pay-outs, such as Colonial Pipeline giving up $4.4M, attracting money-hungry cybercriminals. Second, threat actors have shifted their tactics from stealing data to disrupting critical infrastructure. Attacks on the latter weren’t really mainstream, until now. Week after week, from healthcare systems to JBS to the Colonial Pipeline, we’re seeing ransomware gangs go after some of the most critical facets of society.

“And third, hackers are increasingly becoming more creative and innovative in their ransomware tactics, introducing methods such as “triple extortion”, where the threat actors not only demand ransom from organisations but also threaten their customers, users and other third parties. Unfortunately, it’s only going to get worse, as I don’t think we’ve seen the peak for ransomware attacks. The threat actors behind ransomware aren’t just becoming bigger, they’re becoming better at what they do.”

Five Ways to Prevent a Ransomware Attack

1. Robust data backups

The goal of ransomware is to force the victim to pay a ransom in order to regain access to their encrypted data. However, this is only effective if the target actually loses access to their data. A robust, secure data backup solution is an effective way to mitigate the impact of a ransomware attack. If systems are backed up regularly, then the data lost to a ransomware attack should be minimal or non-existent. However, it is important to ensure that the data backup solution can’t be encrypted as well. Data should be stored in a read-only format to prevent ransomware from spreading to the drives containing recovery data.

2. Up-to-date patches

At the time of the famous WannaCry attack in May 2017, a patch existed for the EternalBlue vulnerability used by WannaCry. This patch was available a month prior to the attack and labelled as “critical” due to its high potential for exploitation. However, many organisations and individuals did not apply the patch in time, resulting in a ransomware outbreak that infected more than 200,000 computers within three days. Keeping computers up-to-date and applying security patches, especially those labelled as critical, can help limit an organisation’s vulnerability to ransomware attacks.

3. Dedicated anti-ransomware solutions

While the previous ransomware prevention steps can help in mitigating an organisation’s exposure to ransomware threats, they do not provide a perfect protection. Some ransomware operators use well-researched and highly targeted spear-phishing emails as their attack vector. These emails may trick even the most diligent employee, resulting in ransomware gaining access to an organisation’s internal systems.

Protecting against this ransomware that “slips through the cracks” requires a specialised security solution. In order to achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files. Anti-ransomware solutions monitor programs running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the program can take action to stop encryption before further damage can be done.

4. Education

Training users on how to identify and avoid potential ransomware attacks is crucial. Many of the current cyber-attacks start with a targeted email that does not even contain malware, but a socially engineered message that encourages the user to click on a malicious link. User education is often considered one of the most important defences an organisation can deploy.

5. Be aware it doesn’t start with ransomware

It’s important to note that in many cases, ransomware is not delivered directly to networks, but is preceded by an initial infection. We’ve seen banking Trojans, keyloggers and frameworks such as Cobalt Strike commonly used. IT teams should be vigilant for any signs of infection on their networks, and in preventing these pre-infections, regularly updated endpoint protection software plays a key role. We recommend running a full compromise assessment any time there are signs of intrusion.

The data used in this report was detected by Check Point Threat Prevention’s technologies, stored and analyzed in Check Point ThreatCloud. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research – The Intelligence & Research Arm of Check Point Software Technologies.