Ransomware, Microsoft attacks are surging at the same time
The two trends are overlapping in the wake of the Cybersecurity and Infrastructure Security Agency’s (CISA) recent alerts on ransomware attacks targeting Microsoft Exchange servers, according to Check Point Research (CPR).
The CPR report cited a 57% increase in ransomware attacks on organizations it tracks within the last six months and a 9% increase in ransomware attacks each month since the beginning of the year.
And the number of attacks on Microsoft Exchange servers tripled in the week before the report was published, bringing the total number of attacks on Microsoft Exchange servers documented by CPR to over 50,000. In response to these attacks, Microsoft Security Intelligence tweeted on March 11 that ransomware was being used to exploit Exchange Servers.
“Two trends are happening concurrently. One, cyberattacks targeting Microsoft Exchange servers are increasing sharply. Two, ransomware attacks are simultaneously rising steadily,” Lotem Finkelstein, manager of Threat Intelligence at Check Point, said in a statement.
Although CPR hasn’t been able yet to definitively determine that the two trends are directly related, it believes the Microsoft Exchange vulnerabilities opened a door.
“We’re urging organizations to act now,” Finkelstein said.
WannaCry ransomware is trending again too: CPR found the number of organizations affected by WannaCry has increased by 53%.
WannaCry is notorious as a ransomware worm that spread rapidly through a number of computer networks in May of 2017. It encrypts the files on the PC's hard drive, locking users out, then demands a ransom payment in bitcoin in order to decrypt them.
Since the beginning of the year, the number of organizations affected with WannaCry globally has increased by 53%, CPR said, adding that there are 40 times more affected organizations in March 2021, when compared to October 2020.
Ominously, CPR says the U.S. sees the most ransomware of any single country, with 12% of all ransomware attack attempts globally as well as the most Microsoft Exchange server attacks, with 49% attack attempts compared to other countries.
The culprits in the Microsoft attacks are a ransomware group known as BlackKingdom and another unknown group deploying a new malware strain called DearCry, according to CPR.
The top three industry sectors that saw the most ransomware attack attempts are government/military (18%), manufacturing (11%) and finance/banking (8%).