According to the “Vectra 2019 Spotlight Report on Ransomware”, recent ransomware attacks have cast a wider net to ensnare cloud, data center and enterprise infrastructures.

Cybercriminals are targeting organizations that are most likely to pay larger ransoms to regain access to files encrypted by ransomware. The cost of downtime due to operational paralysis, the inability to recover backed-up data, and reputational damage, are particularly catastrophic for organizations that store their data in the cloud.

For instance, first seen in August 2018, Ryuk has targeted more than 100 U.S. and international businesses, including cloud service providers like DataResolution.net. CrowdStrike characterizes the approach used by Ryuk as “big-game hunting” because attackers have made off with millions of dollars from a wide range of victim organizations with perceived high annual-revenues.

The report found that that while ransomware is dangerous, the total volume of detections has been decreasing for some time. California experienced the largest percentage of the total volume of file encryption in ransomware attacks, followed by Texas and Ontario.

In North America, the percentage of the total number of incidents exhibiting ransomware network file encryption per industry:

  • Finance and insurance (38 percent)
  • Education (37 percent)
  • Government (9 percent)
  • Manufacturing services (5 percent) 
  • Healthcare (3 percent)
  • Retail (3 percent)
  • Energy (1 percent)

In Europe and the Middle East: 

  • Finance and insurance (35 percent)
  • Healthcare (18 percent)
  • Energy (17 percent)
  • Manufacturing (13 percent)
  • Services (8 percent)
  • Tech (4 percent)
  • Retail (4 percent)
  • Government (1 percent)

“Our research indicates that 53 percent of organizations say they have a ‘problematic shortage’ of cybersecurity skills today and the ramifications of it are very evident with fast-moving ransomware attacks,” said Jon Oltsik, senior principal analyst at the Enterprise Strategy Group. “The industry simply doesn’t have enough trained security folks scanning systems, threat hunting or responding to incidents.”