Darktrace has reported that its security researchers discovered a 30 per cent increase in the average number of attempted ransomware attacks globally over the holiday season in every consecutive year from 2018 to 2020, compared with the monthly average.
The researchers also observed a 70 per cent average increase in attempted ransomware attacks in November and December compared with January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.
According to Justin Fier, director of cyber intelligence and analytics at Darktrace, the largest rise in attempted ransomware attacks is between Christmas and New Year’s, when attackers know there will be fewer eyeballs on screens defending against threats.
“Based on what we’ve seen in previous years, holidays are consistent target periods for cyber attackers.”
“Business leaders should know that there is available technology that can identify and respond to the initial warning signs of ransomware before attackers can hold critical systems hostage, even when human security teams are out of office,” Fier said.
During the nascent 2021 holiday season, Darktrace’s AI detected and autonomously stopped an in-progress, early-stage ransomware attack on a US city before any data exfiltration or encryption could occur.
The city’s security team had the foresight to deploy an AI solution to combat multi-stage ransomware attacks, enabling them to stop the attackers at the earliest stage.
Ransomware is often falsely considered an encryption problem. This misconception masks and undermines attackers’ determination and creativity: they first break into an organisation’s digital environment, then move around within it to discover, steal and encrypt data. The break-in is often through email, but that quickly evolves to targeting servers where the data lives – a combination of email and network security is crucial to stop these attacks.
Powered by self-learning AI, Darktrace technology aims to develop an understanding of normal business operations for each organisation.
It is designed to autonomously interrupt in-progress attacks at every stage from the initial entry with sophisticated spear-phishing emails to brute-forced remote desktop protocol (RDP), command-and-control, and lateral movement, all without business disruption.