Trending
ee-track">
Link copied!

Ransomware Attacks Trends – May 2021 Snapshot

The month of May was quite dramatic from the ransomware attacks perspective. The big picture view of the ransomware attacks are below (grouped by industries and number of victims): The intent of bringing these insights…

June 9, 2021 · 3 min read
Ransomware Attacks Trends – May 2021 Snapshot

The month of May was quite dramatic from the ransomware attacks perspective. The big picture view of the ransomware attacks are below (grouped by industries and number of victims):

Canvas Ransomware

The intent of bringing these insights is to understand better and identify any patterns. We are not interested in highlighting any particular breach.

Some of the key findings are:

  • Avaddon and Conti were the most active ransomware groups
image 64

image 63
  • Over 2,400 victims in total (since 2019)
  • The key targets of the ransomware groups were – Manufacturing, Construction, and Financial Services.
image 65

  • The most impacted regions were the United States of America, Germany, and the United Kingdom
  • image 66

    Recommendations:

    • CISA has published detailed documentation in addressing the risk related to ransomware.
    • Enable multi-factor authentication for remote access to OT and IT networks.
    • Enable strong spam filters to prevent phishing emails from reaching end users. Filter emails containing executable files from reaching end users.
    • Implement a user training program and simulated attacks for spearphishing to discourage users from visiting malicious websites or opening malicious attachments and re-enforce the appropriate user responses to spearphishing emails.
    • Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
    • Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
    • Limit access to resources over networks, especially by restricting RDP. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.
    • Set antivirus/antimalware programs to conduct regular scans of IT network assets using up-to-date signatures. Use a risk-based asset inventory strategy to determine how OT network assets are identified and evaluated for the presence of malware.
    • Disabling macro scripts from Microsoft Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Microsoft Office suite applications.
    • Implementing application allow listing, which only allows systems to execute programs known and permitted by security policy. Implement software restriction policies (SRPs) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
    • Monitor and/or block inbound connections from Tor exit nodes and other anonymization services to IP addresses and ports for which external connections are not expected (i.e., other than VPN gateways, mail ports, web ports).

    About Cyble

    Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com

    AI Threat Intelligence

    Stop Executive Threats
    Before They Strike

    Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

    Scroll to Top

    Book your session

    Request a Personalized Demo

    See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

    Select one or more options

    Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

    Your information is encrypted and never shared.
    SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

    Download the brochure

    Get the Cyble Vision Brochure

    Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

    Select one or more options

    Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

    Your information is encrypted and never shared.
    SOC 2 Type II GDPR compliant Trusted by 1,000+ teams