The biggest ransomware attacks of 2020 and what we can learn from them

Ransomware is still a surging threat to businesses of all sizes — not even small enterprises are immune from the risk. However, by studying ransomware attacks on other organizations, you can develop good internet hygiene habits and robust data policies that effectively protect your business from ransomware operations.

2020 alone was huge for ransomware attackers. Below are some of last year’s worst ransomware events, and the lessons we learned from them:

2020’s worst ransomware attacks

Here are the worst attacks to happen in 2020:

1. University of California, San Francisco
   UCSF’s COVID research and hospital databases were hit by the NetWalker ransomware in June 2020, resulting in $1.14 million in ransom paid out. The NetWalker ransomware is a form of ransomware-as-a-service that a group of hackers called Circus Spider offers to other cybercriminals. Its primary method of spreading is through spam emails that lure victims into clicking on phishing links.
2. Westech International
   Westech International is an American defense subcontractor that provides technical, logistical, and operational support for the US Department of Defense’s LGM-30 Minutemen intercontinental missiles. It was hit by the Maze ransomware in June 2020, resulting in hostile encryption of classified military material as well as emails and payroll information.
3. Garmin
   GPS navigation and wearable tech giant Garmin was struck by WastedLocker ransomware attackers in July 2020. It was such a devastating targeted ransomware attack that it caused the Garmin Connect and flyGarmin services, as well as the company’s Asia-based production lines, to go offline for five days. The attack also affected Garmin’s call centers, rendering the company unable to respond to calls, emails, and online chats sent by Garmin users.
4. LG Electronics and Xerox
   Maze ransomware struck again in August 2020, when its operators hit LG Electronics and Xerox, resulting in the leak of almost 80GB of stolen data between the two companies. The stolen data included source codes of smart electronics devices and sensitive customer data. Both companies initially refused to pay the ransom, but they eventually suffered a second phase of their respective double extortion attacks.

Lessons learned

When it comes to ransomware, it’s not enough to learn from your own mistakes. Understanding how other organizations were attacked will help you develop ways to protect your own system beforehand. For instance:

1. Have redundancies
   Backups are absolutely necessary in the age of ransomware. Many companies used to operate with just a single repository of business data without any copies of its contents. If a ransomware attack gets hold of it, all business operations get frozen in an instant. Having regular, properly-synced backups will at least allow your organization to continue without disruption while you deal with security issues.
2. Invest in intrusion detection systems
   Intrusion detection is a critical tool in preventing ransomware attacks because ransomware operators don’t typically attack on a whim. There are seven stages to a ransomware attack, meaning it can take up to several weeks for an attacker to completely scope, penetrate, and infiltrate a system before they are able to encrypt its data. That is enough time for a well-run intrusion detection system to identify the ransomware attack, giving your IT partner or team time to isolate it.
3. Get proactive cybersecurity
   For cybersecurity to be truly effective, it needs to be deployed proactively. Preparing for the worst is key when it comes to data protection, as cyberthreats can strike at any given moment, without warning. So make sure that your data system is protected with cybersecurity solutions that mitigate threats before they have a chance to strike. Remember, prevention is better than cure!

Make the threat of ransomware manageable and preventable with OutsourceIT’s cybersecurity solutions. Contact us today to learn more about our services.