India has seen the most number of ransomware attack attempts per organization, with an average of 213 weekly attacks since the beginning of the year, a report said on Tuesday. According to Check Point Research, India is followed by Argentina, Chile, France and Taiwan with 104, 103, 61 and 50 per organisation, respectively.
The report said that the global surge in ransomware attacks has hit a 102 per cent increase this year compared to the beginning of 2020 and shows no sign of slowing down. While in North America, healthcare organisations have suffered the most attacks since the beginning of the year, in Europe, utilities absorb the most attacks.
In APAC, insurance/legal are most impacted, while in LATAM, it is the communications industry. In Africa, the financial and banking sector is the most attacked.
According to the report, prominent attacks that have taken place at the end of 2020 and the beginning of 2021 point at a new attack chain -- essentially an expansion to the double extortion ransomware technique, integrating an additional, unique threat to the process -- called as Triple Extortion.
The first notable case is the Vastaamo clinic attack, which happened in October 2020. Innovative at the time, the 40,000-patient Finnish psychotherapy clinic suffered a yearlong breach that culminated in extensive patient data theft and a ransomware attack.
A decent ransom was demanded from the healthcare provider, but surprisingly, smaller sums were also demanded from the patients, who had received the ransom demands individually by email.
In those emails, the attackers threatened to publish their therapist session notes. This was the first attack of its kind within the ransomware attacks landscape, the report said. The report notes that some ransomware operators use well-researched and highly targeted spear-phishing emails as their attack vector.
Protecting against this ransomware that "slips through the cracks" requires a specialised security solution. To achieve its objective, ransomware must perform certain anomalous actions, such as opening and encrypting large numbers of files.
Anti-ransomware solutions monitor programmes running on a computer for suspicious behaviours commonly exhibited by ransomware, and if these behaviours are detected, the programme can take action to stop encryption before further damage can be done.