Ransomware: Over half of attacks are targeting these three industries

Over half of ransomware attacks are targeting one of three industries; banking, utilities and retail, according to analysis by cybersecurity researchers – but they’ve also warned that all industries are at risk from attacks. 

The data has been gathered by Trellix – formerly McAfee Enterprise and FireEye – from detected attacks between July and September 2021, a period when some of the most high profile ransomware attacks of the last year happened. 

According to detections by Trellix, banking and finance was the most common target for ransomware during the reporting period, accounting for 22% of detected attacks. That’s followed by 20% of attacks targeting the utilities sector and 16% of attacks targeting retailers. Attacks against the three sectors alone account for 58% of all of those detected.  

Utilities is a particularly enticing industry for ransomware gangs to target, because the nature of the industry means it provides vital services to people and businesses and if those services can’t be accessed, it has an impact – as demonstrated by the ransomware attack against Colonial Pipeline, which led to gas shortages in the North Eastern United States. The incident saw Colonial paying a ransom of millions to cyber criminals in order to receive the decryption key.  

SEE: A winning strategy for cybersecurity (ZDNet special report)

Ransomware attacks against retailers can also have a significant impact, forcing shops to be restricted to taking cash payments, or even forcing them to close all together while the issue is resolved, preventing people from buying everyday items they need. 

Other sectors which were significant targets for ransomware include education, government and industrial services, serving as a warning that no matter which sector they operate in, all organisations could be a potential target for ransomware.  

“Despite the financial, utilities and retail sectors accounting for nearly 60% of all ransomware detections – no business or industry is safe from attack, and these findings should act as a reminder of this,” said Fabien Rech, VP EMEA for Trellix.   

“As cybercriminals adapt their methods to target the most sensitive data and services, organisations must shore up their defences to mitigate further threats.” 

While several high-profile ransomware groups of 2021 seem to have disappeared or gone dark, particularly following arrests, new gangs and malware strains are emerging all the time and ransomware remains a key cybersecurity threat to organisations around the world. 

In order to help protect networks against ransomware and other cyber attacks, it’s recommended that organisations regularly apply the required security updates to operating systems, applications and software, something which can prevent hackers from exploiting known vulnerabilities to launch attacks. 

It’s also recommended that organisations apply multi-factor authentication across all accounts and that security teams attempt to scan for credential stealing attacks and other potential suspicious activity in order to prevent attacks before they happen.

MORE ON CYBERSECURITY