Ransomware activities have increased seven-fold in the second half of 2020 compared to the first half as cyber adversaries continue to expand their attack surface to scale threat efforts around the world, reveals a new study.
According to the ‘Global Threat Landscape Report’ from California-based cybersecurity company Fortinet, a number of factors, including the evolution of Ransomware-as-a-Service (RaaS), a focus on big ransoms for big targets, and the threat of disclosing stolen data if demands were not met, combined to create conditions for this massive growth.
The semi-annual report said the most active of the ransomware strains were Egregor, Ryuk, Conti, Thanos, Ragnar, WastedLocker, Phobos/EKING and BazarLoader.
Healthcare firms, professional services companies, consumer services businesses, public sector organisations, and financial services firms were heavily targeted during this period.
The security firm said organisations need to ensure data backups are timely, complete, and secure off-site to effectively deal with the evolving risk of ransomware. Zero-trust access and segmentation strategies should also be investigated to minimise risk.
“They (cyber attackers) maximised the expanded digital attack surface beyond the core network, to target remote work or learning, and the digital supply chain. Cybersecurity risk has never been greater as everything is interconnected in a larger digital environment. Integrated and AI-driven platform approaches, powered by actionable threat intelligence, are vital to defend across all edges and to identify and remediate threats organizations face today in real time,” Michael Joseph, Director System Engineering, India & SAARC, Fortinet, said.
A separate study by Netwrix, a company specialising in data security, said nearly 39% of healthcare organisations suffered ransomware attacks in the cloud in 2020. One in four of these were fined for non-compliance, and one in 10 was sued as a result of a cloud breach, according to the global 2021 Netwrix Cloud Data Security Report.
Advanced Persistent Threat (APT) groups increasingly targeted organisations involved in COVID-19-related work including vaccine research and development of domestic or international healthcare policies around the pandemic.
The most common incidents that healthcare institutions experienced in the cloud were phishing (reported by 44% of organisations), ransomware (39%) and data theft by insiders (35%). Data theft was the hardest of the three to detect as more than half of organisations required days or weeks to flag it, while phishing and ransomware were spotted in hours or less by the overwhelming majority.
Microsoft documents, web browsers and IoT (Internet of Things) devices used at the homes of corporate employees were the top attack targets.
According to the study, the top consequences of cloud breaches in the healthcare sector were unplanned expenses to fix security gaps (24%), compliance fines (23%) and lawsuits (11%). Most healthcare providers attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).
“An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector. As a result, new avenues for cyber threats opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high. Our report highlights the lack of security fundamentals that could improve the security posture of these organizations. They should consider stronger data governance processes to reduce their attack surface; real-time user activity monitoring to improve time to detect incidents; and training and security awareness programs for both IT staff and employees,” Ilia Sotnikov, VP of Product Management at Netwrix, said in the report.
Interestingly, the study found that 61% of healthcare organizations store customer data in the cloud and 54% store personal health records there, while 32% of healthcare organizations needed days to discover accidental data leakage and supply chain compromise. The top security measures healthcare organizations are taking in response to cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%), the study highlighted.