Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cybersecurity researchers – but they've also warned that all industries are at risk from attacks.
The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high-profile ransomware attacks of the past year happened.
According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That's followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors in combination accounted for 58% of all of those detected.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Utilities is a particularly enticing industry for ransomware gangs to target because the nature of the industry means it provides vital services to people and businesses, and if those services can't be accessed, it has an impact – as demonstrated by the ransomware attack against Colonial Pipeline, which led to gas shortages in the north eastern United States. The incident saw Colonial paying a ransom of millions to cyber criminals in order to receive the decryption key.
Ransomware attacks against retailers can also have a significant impact, forcing shops to be restricted to taking cash payments, or even forcing them to close altogether while the issue is resolved, preventing people from buying everyday items they need.
Other sectors that were significant targets for ransomware include education, government and industrial services, serving as a warning that no matter which sector they operate in, all organisations could be a potential target for ransomware.
"Despite the financial, utilities and retail sectors accounting for nearly 60% of all ransomware detections, no business or industry is safe from attack, and these findings should act as a reminder of this," said Fabien Rech, VP EMEA for Trellix.
"As cyber criminals adapt their methods to target the most sensitive data and services, organisations must shore up their defences to mitigate further threats."
While several high-profile ransomware groups of 2021 seem to have disappeared or gone dark, particularly following arrests, new gangs and malware strains are emerging all the time and ransomware remains a key cybersecurity threat to organisations around the world.
In order to help protect networks against ransomware and other cyberattacks, it's recommended that organisations regularly apply the required security updates to operating systems, applications and software, which can prevent hackers from exploiting known vulnerabilities to launch attacks.
It's also recommended that organisations apply multi-factor authentication across all accounts and that security teams attempt to scan for credential-stealing attacks and other potential suspicious activity in order to prevent attacks before they happen.
MORE ON CYBERSECURITY
- This company was hit by ransomware. Here's what they did next, and why they didn't pay up
- Bosses are reluctant to spend money on cybersecurity. Then they get hacked
- Average ransomware payment for US victims more than $6 million, survey says
- After ransomware arrests, some dark web criminals are getting worried
- Have we reached peak ransomware? How the internet's biggest security problem has grown and what happens next