2021 was regarded as The Year of Ransomware.
The world saw an alarming 105% surge in ransomware cyberattacks last year. The attacks are designed to cripple people or businesses by making their computer systems unusable until they pay money or “ransom.”
Governments worldwide saw a 1,885% increase in ransomware attacks, and the health care industry faced a 755% increase in those attacks in 2021, according to the 2022 Cyber Threat Report released Thursday by SonicWall, an internet cybersecurity company. Ransomware also rose 104% in North America, just under the 105% average increase worldwide, according to the report.
It’s still unclear why there was such a dramatic leap. The increase in ransomware was linked to the rise in remote work and company employees working outside their office networks, the Guardian reported last year. Individual companies that pay ransomware demands could also be perpetuating that behavior, PBS reported.
“Ransomware operators are profit driven,” Dmitriy Ayrapetov, the VP of platform architecture at SonicWall, told Fortune. “As long as there is a profit they will continue to bring in new players, actors, etc. And of course, on the other side, a lack of security or a lack of preparation allows for this to continue.”
Last year, ransomware attacks hit supply chains, causing widespread system downtime, economic loss, and reputational damage, according to the report.
JBS USA, the world’s largest meat supplier, was attacked and paid an $11 million ransom in May 2021 in Bitcoin to prevent further disruption, according to CNET. The FBI attributed the attack on JBS to REvil, a Russian-speaking ransomware gang, NPR reported.
How to prevent cyberattacks:
Be vigilant about patching
One simple solution to prevent ransomware attacks is to diligently “patch” and keep your software up-to-date. Patching is when you update your computer software regularly.
“Everything that everybody uses today in the digital economy and digital society is software. All software has ongoing updates that can be applied,” Ayrapetov told Fortune. “When you run an old version of infrastructure software, that in our industry means that they haven’t patched. The majority of those releases are security updates. So when people put off patching, they’re really priming themselves to be soft targets for hackers on the internet.”
Acquaint yourself with CISA guides
Ayrapetov recommends familiarizing yourself with the the Cybersecurity and Infrastructure Security Agency (CISA) guides against ransomware attacks, which he calls “definitive sources for malware prevention.”
The agency’s guide breaks down how to create cyber incident response plans and also recommends regular vulnerability scanning on internet-facing devices.
To increase your organization’s level of digital protection, the guide also recommends that organizations implement a cybersecurity user awareness and training program that includes instructions and guidance on how to identify and report suspicious activity like phishing.
No one is immune
The majority of small-business owners are not worried about being the victim of a cyberattack, with 56% stating they are not concerned about being the victim of a hack in the next 12 months, according to a 2021 CNBC Momentive Q3 Small Business Survey. And 24% said they were “not concerned at all.”
This false sense of protection from cyberattacks does not match the rise in malicious digital events that Americans are facing, according to Ayrapetov, who is emphatic that cyberattacks are universal and that everyone is vulnerable.
“By having an online presence by doing things online, everybody from individuals to organizations are automatically in the cybersecurity discussion,” Ayrapetov told Fortune. “It’s something that should be woven into the fabric of every organization and not as an add-on or an afterthought. Hackers will continue to attack the most important asset, which is data, and everyone needs to take steps to be proactive.”