In 2019, there has been an unprecedented number of ransomware attacks on governments, schools, school districts and healthcare organizations in the U.S., with more than 621 entities being impacted in the first nine months of the year (see State of Ransomware in the U.S.: 2019 Report for Q1 to Q3).
The rate of attacks, however, appears to be slowing. In July, 44 organizations were impacted; in August, 24; in September 24 again; and in October, only 16. We initially speculated that the decrease in numbers was due to U.S. organizations being on high alert, bolstering their IT and, as a result, being less susceptible to attack. Given the deficiencies in public sector security that were highlighted by the research of UMBC’s Professor Donald Norris and his team and by the damning report issued last month by the Mississippi Department of Audit, it would certainly seem that improvements are much needed, so this would have been good news indeed.
It appears, however, that we may have been mistaken about the reason for the decrease. Data collected by the EPSRC EMPHASIS Ransomware project and shared with us by Professor David Wall of the University of Leeds shows summer spikes in previous years with a decline in the following months.
Why would this be? Professor Wall believes it may be due to threat actors timing attacks for the periods when organizations will be most vulnerable. “Our interviewees told us that attackers tended to launch campaigns when organizations were ‘off guard’ and weaker, such as at holiday times, when they were undermanned and covered by less skilled workers, so the attacks are more successful,” said Wall.
Another possibility is that the rate of attacks is constant, but the attacks are more likely to succeed during vacation periods. Employees will be familiar with types of email they typically receive, so are likely to be able to spot a message that is unusual and potentially malicious. They may not, however, be so familiar with the types of emails their colleagues receive so, when covering during vacation periods, may be more likely to open a malicious attachment – especially as they may well be busier than usual.
This is simply speculation and it is impossible to say with any certainty why there seems to be more successful attacks in the summer months. It does, however, highlight the need for better reporting and information sharing. If organizations understand where their weaknesses and vulnerabilities may lie – such as vacation periods – they can take corrective action. Without such information, they may well be more vulnerable than they otherwise would be.
As Algirde Pipikaite and Marc Barrachin recently wrote in an article for Harvard Business Review, “Information is power and, in cybersecurity, it’s the power to prevent other similar events.”
Note: EPSRC EMPHASIS Ransomware project’s statistics may not match our previously released statistics as the data sets are yet to be aggregated.
The post Seasonal ransomware highlights the need for better reporting and information sharing appeared first on Emsisoft | Security Blog.
*** This is a Security Bloggers Network syndicated blog from Emsisoft | Security Blog authored by Emsisoft Malware Lab. Read the original post at: https://blog.emsisoft.com/en/34595/seasonal-ransomware-highlights-the-need-for-better-reporting-and-information-sharing/