The Threat That Never Went Away Is Back (with a Vengeance)

Written by

Jim Black

June 29, 2021

Jim Black is a Sr. Product Marketing Manager at Akamai's Enterprise Security business unit. He has spent his entire career in technology in telecoms, mobile and security and has held roles in manufacturing, customer support, business development, product management, PR and marketing.

What is your recollection of May 2017? Emmanuel Macron won the French election. The Ringling Bros. and Barnum & Bailey Circus gave its final performance after a 146-year run. The U.S. FCC voted to overturn net neutrality rules. And the National Health Service in the United Kingdom was crippled by a massive ransomware attack that ended up costing over $120 million.

Fast-forward four years, and ransomware is once again making headlines by causing significant financial damage to organisations around the globe. For example, the recent attack on the Colonial Pipeline caused the company to shut down operations and once again garnered mainstream media attention. 

If you only follow mainstream media, your perception might be that ransomware attacks only happen occasionally. But the reality is that ransomware has never gone away. Since 2017, the volume of attacks has increased steadily, the cost of payments demanded by the attackers has soared, and remediation costs have continued to climb. 

Moreover, attackers have constantly evolved the tools and the attack vectors they use to deliver the ransomware payload. For a while, the payload was attached to phishing emails with the frequently used subject line, "Invoice Attached." That changed to a malicious link in the email that downloaded the payload when clicked by a victim. Attackers have also dropped an initial payload that allowed them to gain a foothold in the target network; after a period of time, the initial malware downloaded and executed the ransomware. 

Ransomware uptick in 2021

Based on an analysis of sampled DNS logs from the Akamai Intelligent Edge Platform, we can see that there has been a continued increase in requests to ransomware delivery domains since the start of 2021. 

Figure 1: Traffic to ransomware-associated malware websites

A noticeable increase in traffic to ransomware domains can be seen from mid-February until mid-March. The observed spike was attributed to a large increase in Ryuk ransomware, which is normally targeted at large businesses. Since the ransomware was first seen in the wild in August 2018, it's estimated to have netted the criminal group behind the attacks in excess of $150 million.

How Akamai can help improve your ransomware defenses

Akamai Enterprise Threat Protector is a cloud-based secure web gateway that proactively blocks requests to ransomware delivery domains and URLs using real-time threat intelligence. Additionally, it uses multiple malware detection engines, including a cloud sandbox, to inspect and analyse web traffic to detect ransomware payloads. Learn more about Enterprise Threat Protector.


