Ransomware surged 102% year-on-year at the start of 2021 as it emerged that Colonial Pipeline agreed to pay $5 million to extorters after a crippling attack that began last week.
The East Coast fuel pipeline was offline for five days after an attack struck last Thursday. However, contrary to initial reports that it refused to engage with the DarkSide threat group, the company actually paid within hours of the attack, two people familiar with the matter told Bloomberg.
It’s unclear whether the payment was funded by the company’s cyber-insurance policy. Such efforts have come under criticism of late for perpetuating the ransomware epidemic.
In fact, global insurer AXA recently revealed that it would no longer reimburse customers for payments to ransomware groups, although the new rules are restricted to France.
“In my opinion, the biggest factor at play here is the feedback loop of malicious activity created by surrendering and paying the ransom. This allows the groups to achieve a greater level of sophistication during their next attacks, whether that be via training, new tooling, purchasing credentials, or recruitment,” argued Mitch Mellard, principal threat intelligence analyst at Talion.
“Feeding this industry only ensures that they become collectively more of a threat in the long run, facilitating more breaches, more payments, and thus the cycle continues.”
The news comes as new figures from Check Point revealed that the number of ransomware victims it is monitoring has soared 102% year-on-year in the year-to-date.
The most heavily targeted sector in April was healthcare, with average weekly attacks during the month hitting nearly 110, followed by utilities (59) and insurance/legal (34).
The security vendor urged organizations to be particularly watchful near weekends and holidays when many attacks take place. It urged the use of behavior-based detection tools, prompt patching, user education and threat hunting for malware commonly used in initial access attacks.