2021 was a busy year for cybersecurity professionals. An influx of major high-profile ransomware attacks impacted supply chains and even inspired a first-ever presidential executive order promising to bolster cybersecurity defenses. Throughout the summer, several critical Microsoft vulnerabilities, including PrintNightmare and HiveNightmare, sent sysadmins scrambling to patch their environments. The year ended with a bang with Log4Shell, one of the most widespread and severe vulnerabilities that the cybersecurity community has dealt with.
Let’s take a look back at some 2021 cybersecurity statistics and ransomware trends.
Unsurprisingly, ransomware was a common occurrence in 2021. One of the major drivers of this prevalence was the growing ransomware-as-a-service market, an underground market in which ransomware developers outsource their operations to affiliates who then execute the attack. Ransomware affiliates don’t need to have as much technical expertise, which significantly lowers the barriers to entry.
Colonial Pipeline. On May 7, the DarkSide group deployed ransomware on the organization’s computerized equipment that manages the pipeline. DarkSide’s attack vector was a single compromised password to an active VPN account that was no longer in use.
While the attack didn’t affect operational technology systems, it did compromise the company’s billing system, which forced Colonial Pipeline to temporarily halt operations.
Within several hours of the attack, Colonial Pipeline paid the requested ransom of $4.4 million with the assistance of the FBI. On June 7, the Department of Justice announced that it had recovered approximately $2.3 million of the ransom payment.
Ireland’s Health Service Executive (HSE). Ireland’s HSE, which provides healthcare and social services, was hit by a variant of Conti ransomware in May that affected many health services in Ireland, such as processing blood tests and diagnostics.
The organization refused to pay the $20 million Bitcoin ransom and ultimately avoided paying altogether when the Conti ransomware group handed over the decryption key for free. However, the HSE still faced months of significant disruption as it restored the 2,000 IT systems affected by the ransomware.
Kaseya. Kaseya, an IT services company for MSP and enterprise clients, was a victim of REvil ransomware during the July 4th holiday weekend. Although only 0.1% of Kaseya’s customers were breached, an estimated 800 to 1,500 small to mid-sized businesses were affected through their MSPs.
The attackers identified a chain of vulnerabilities in Kaseya’s on-premises VSA software, which organizations typically run in their DMZs. REvil was then able to use the MSPs’ Remote Monitoring and Management (RMM) tooling to push the ransomware out to all connected agents.
Ransomware groups were busy in 2021, but so were we. In 2021, Blumira…
Cyberattacks are constantly evolving, and Blumira’s team works hard on your behalf, performing threat hunting to help you stay protected against attacks. Our incident detection engineers constantly develop detection rules based on known attacker techniques and automatically deploy them in Blumira’s cloud SIEM platform.
Many traditional SIEM vendors charge their customers based on data volume, but Blumira offers a simple pricing model to eliminate those cost concerns. Customers can ingest unlimited data and logs at no extra cost.
To get started, try Blumira for free.