published : 2023-10-27

Ransomware Rampage Hits Record High with the US as Its Top Target

How Nasty Online Crooks are Holding Victims' Data Hostage with Their Terrible Tricks

A photo of Steve Stone, head of Rubrik Zero labs, taken with a Canon EOS 5D Mark IV

Global ransomware attacks are at an all-time high after steadily increasing over the last few years. According to a report from Malwarebytes, the US is the top target in the world for all ransomware attacks, accounting for over 43% of the last 1,900 reported attacks in the last year.

But why is the US the biggest target? What could we be doing wrong that's making it so easy for ransomware attackers to go after us? To find answers, I spoke with Steve Stone, head of Rubrik Zero labs, the Data Threat Search Unit at the cloud data management and data security company Rubrik.

Ransomware attacks happen when hackers encrypt the data on a system and demand a ransom to restore access. If the ransom is not paid, the hackers may threaten to delete or leak the data, making it a very serious attack.

Some of the most notorious ransomware groups, such as Clop, REvil, DarkSide, and Conti, operate as ransomware-as-a-service (RaaS) platforms. They provide the ransomware software and infrastructure to other cybercriminals, sharing the profits.

In the past year, major organizations in sectors like healthcare, education, energy, and transportation have been targeted by these groups. One high-profile victim was CalPERS, the largest pension fund in the US, which had its data stolen and leaked by Clop through a third-party vendor.

A photo of a hacker sitting in front of a computer, taken with a Nikon D850

Ransomware attacks can affect anyone who uses a computer or a device connected to the internet. Personal files, such as photos, videos, documents, and emails, can be locked by hackers who demand a ransom for their release.

In the past, ransomware attackers had to go through numerous steps to reach their goals. However, the emergence of 'Ransomware-as-a-service' has changed the game. Ransomware operators now write software that hackers can easily pay to launch attacks, making it less work for a bigger reward.

According to Stone, ransomware actors are primarily focused on getting paid and don't spend much time finding the right target. This sets them apart from government-sponsored efforts, which are more targeted.

While the government is working to combat ransomware attacks, it's a complex and ever-changing problem. Stone emphasized that the government and individuals need to continuously improve their efforts to stay ahead of attackers.

To protect yourself from ransomware attacks, it's crucial to take preventative measures. Avoid opening emails from unknown senders and refrain from clicking on suspicious links or attachments. Use reliable antivirus software and regularly update your operating system and applications.

A photo of a person backing up their data on an external hard drive, taken with a Sony Alpha a7 III

Creating backups of your data on an external hard drive and disconnecting it from your computer when not in use can also safeguard against attacks. Additionally, create strong, unique passwords for your accounts and do not pay the ransom if you become a victim.

If you do fall victim to ransomware, disconnect your device from the internet and contact law enforcement immediately. Restoring your data from backups and considering identity theft protection can also help mitigate the damage.

Ransomware attacks pose a serious threat, especially to high-value targets like the US. By staying vigilant and implementing proper cybersecurity measures, individuals and organizations can reduce the risk and impact of these attacks.