WannaCry has resurfaced again for some reason, amid a 57% global surge in the already-high ransomware attack levels: report
Following the recent disclosure of vulnerabilities affecting Microsoft Exchange Servers, one cybersecurity firm has observed a global surge in the number of ransomware attacks.
According to various reports and official alerts from the Cybersecurity and Infrastructure Security Agency (CISA) in the US, ransomware attacks are targeting Microsoft Exchange server by leveraging previously exposed and/or unpatched vulnerabilities.
Check Point researchers have report that, in the last week alone, the number of attacks involving Exchange Server vulnerabilities has tripled. With over 50,000 attack attempts seen globally, CPR has observed that the most targeted industries are government/military, manufacturing and banking/finance. The most affected country is the United States (49% of all exploit attempts), followed by the United Kingdom (5%), the Netherlands (4%) and Germany (4%).
The firm has also observed the following trends in ransomware attacks covered by its researchers:
- In the past six months, there has been a general increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk, in which victims have to negotiate with the criminals that launched the attack.
- In the last six months, there has been a 57% increase in the number of organizations affected by ransomware globally.
- Since the beginning of 2021, the number of organizations affected by ransomware has been growing at 9% monthly.
- In total, 3,868 organizations have been affected by ransomware attacks.
- The industry sector most targeted by WannaCry is government/military (18% of total attacks). This is followed by manufacturing (11%), banking and financial services (8%) and healthcare (6%).
- The countries most affected by ransomware attack attempts were the United States (12% of all attack attempts), followed by Israel (8%), India (7%) and Japan (6%), while Canada, Spain, Mexico, the United Kingdom, China and Portugal each saw 2%.
WannaCry surges … again!
Of particular concern is that WannaCry is also trending again, though it is unclear why. Since the beginning of the year, the number of organizations affected with WannaCry globally has increased by 53%. In fact, Check Point has found that there are 40 times more affected organizations in March 2021 when compared to October 2020.
The new samples still use the EternalBlue exploit to propagate—for which patches have been available for over four years.