Barracuda Networks Ransomware Report Surfaces Attack Surge – Source: securityboulevard.com

An analysis from Barracuda Networks of 175 publicly reported successful ransomware attacks against municipalities, healthcare and education organizations between August 2022 and July 2023 finds that the number of these incidents has doubled year-over-year with the total number having quadrupled since 2021.

In total, 57% of the ransomware attacks tracked by Barracuda Networks were aimed at those three sectors, the report finds. Attacks on municipalities increased from 12% to 21%; attacks on healthcare increased from 12% to 18%; attacks on education went up from 15% to 18%.

Barracuda Network CTO Fleming Shi said given the ongoing success of these attacks the time has come for organizations to focus more on cybersecurity resiliency to limit the blast radius of any given ransomware attack.

The overall goal should be to accelerate the mean-time-to-recovery (MTTR) from ransomware attacks on the assumption that despite best efforts some subset will succeed, he added. The challenge then becomes how to recover data in a way that minimizes disruption to the organization, said Shi.

During the past 12 months, ransomware accounted for more than a quarter (27%) of the cyberattacks tracked by the security operations center (SOC) that Barracuda Networks makes available as a service. The only other prevalent type of attack is business email compromise at 36%, according to the report.

Of course, the backup systems that organizations rely on to recover are often one of the first targets of a ransomware attack. As a result, organizations need to make sure those systems are isolated so should one be compromised, they can still access a pristine copy of their data, noted Shi.

Additionally, organizations need to make sure strong multifactor authentication (MFA) mechanisms are in place to protect those systems from phishing attacks, he added.

It’s not clear how many organizations have shifted toward focusing more on resiliency versus continuing to rely on legacy approaches that focus either on protecting the perimeter or the endpoint, but as cybercriminals take advantage of generative artificial intelligence (AI) it will become more difficult to detect phishing attacks. As such, the probability that a ransomware attack is going to succeed only rises as the volume and sophistication of phishing attacks increase.

In the meantime, there is no substitution for testing backup and recovery processes. In addition to discovering that backup files have been encrypted by a ransomware attack, many organizations will discover during a testing process that some of those files have been corrupted.

Organizations should also understand how long it will take for them to recover if, for example, they are relying on backup files hosted in the cloud that then need to be downloaded and reinstalled in an on-premises IT environment.

Ideally, security operations and IT teams that manage backup and recovery are regularly collaborating to increase cyberresiliency. However, an ounce of prevention in the form of regular process testing is always worth more than the proverbial pound of cure.