Risk of Ransomware in SaaS Applications

The risk of Ransomware in SaaS Applications is growing rapidly year over year. Sophos, a leader in cybersecurity, published a survey of 5,400 IT decision-makers across 30 countries. The survey was conducted in January and February 2021. The survey explores the prevalence of attacks, impact on victims with year-on-year trends. The survey also reveals actual ransom payments made by victims.  They found that 37% of mid-sized organizations had been affected by ransomware attacks in the last year alone.
The topic is also discussed in a blog post by Afi, a modern Microsoft 365 and Google Workplace backup service.

Let’s take a look at some interesting discoveries in Sophos survey:

1. Larger organizations are more likely to be hit by the attacks. 42% of companies with 1000-5000 employees had ransom incidents, compared to 33% of companies with 100-1000 employees.
2. Attack levels vary across the globe. The U.S. is a very popular target due to the perceived potential to demand high ransom payments. Poland, Colombia, Nigeria, South Africa, and Mexico report some of the lowest levels of attack, most likely due to a result of lower GDP. India is a leader in topping the list, with 68% of respondents reporting they were hit by ransomware last year.
3. Retail, Education, business & professional services suffer the most, while IT, Technology, Telecom, Manufacturing, Energy (Oil. Gas) and Healthcare are not far behind.
4. Another interesting find is the comparison of the year 2021 to the year 2020. In 2021 only 54% of cybercriminals were able to encrypt data, compared to 2020 when 73% of cybercriminals were able to encrypt data. In 2021 39% of attacks were stopped before the data could be encrypted vs the year 2020 when only 24% of attacks were stopped.
5. More victims are paying the ransom – In 2020 only 26% of organizations paid ransom to get data back, but 32% of victims paid a ransom in 2021 to get data back.
6. What about the cost of the ransom? The average payment was US$107,404. The most common payment was US$10,000, but the highest payment was a massive US$3.2 million. Those figures vary so extensively due to various reasons. The first one is location. The cost of ransom is higher in developed western countries, while in India, the ransom was much lower. Organization size plays a major role as organizations with up to 1000 employees have fewer resources compared to larger companies. Attack nature also plays a major role, as sophisticated, targeted attacks yield better results.

The conclusion from Sophos survey is that ransomware protection does protect organizations from serious damage and that backup is crucial. In fact, if organizations have good backup procedures, they can restore their operations quickly and at a low cost.

The ransomware threat is on the rise

RiskSense researchers report a massive threat growth over the past years. In the latest report, they detected 223 vulnerabilities associated with 125 ransom families. Compared to their 2019 report where they found 57 CVEs associated with only 19 ransomware families.

If bad actors targeted only applications and operating systems in the past, they have quickly shifted and begin targeting perimeter technologies like VPN’s, remote access services, and zero trust. SaaS had the highest count of vulnerabilities. Top products with the highest number of vulnerabilities would be services you would never expect like Apple’s iCloud, Microsoft Outlook 365, Oracle’s Fusion, Lotus Domino, etc…

Do you think that using Microsoft Outlook 365 is secure, and you can’t be used as an attack vector? Do you remember Kevin Mitnick? He is a white hat hacker, and he has demonstrated what is the fear of many cloud users – how RansomCloud can encrypt Microsoft Outlook 365 data.

3 types of RansomCloud attacks

• The first type of RansomCloud attack infects local computers. Victims usually open email attachments (phishing attacks) designed to install the malware. The malware then encrypts the local computer in the background. Once the computer is infected, malware can hop to other network devices. Malware can gain access to the cloud storage and encrypt data in the cloud.
• SaaS login with stolen credentials. The second type of attack steals a user’s cloud credentials. For example, a user’s mobile phone or computer is infected with malware. In the background, malware is watching for SaaS authentication attempts. It can log all the keyboard strokes, or it can redirect a user to the custom page – typically a replica of the actual cloud authentication website. When a user enters credentials, username and password are saved, and the user is redirected to the actual webpage.
• A successful attack on the cloud provider. A successful attack on a cloud provider is able to bring in a lot of money, so attackers are investing more resources to break in. For example, in August 2019 Digital Dental Record and PerCSoft announced that their Safe Cloud platform that their platform has been hit by Ransomware. Approximately 400 dental surgeries had their data encrypted. Also, online Crypto Exchanges have fallen victim to hackers stealing Bitcoin and various cryptocurrencies.

How to defend against Ransomware and your data?

Ransomware protection for computer systems is essential. Also, you need to educate your users about phishing attacks. That way, you can prevent malware from infecting a computer and stealing your credentials. The most important step to safeguard your data is backup. You can backup your data in the cloud and on-premise. In case your data is encrypted, you can quickly restore all the information and continue where you left off when you noticed that data got encrypted.