Page 70 - Cyber Defense eMagazine June 2024
Ransomware Attacks 2021-2024:
While the exact ransom amounts paid are often not publicly disclosed, here are five significant
ransomware attacks that have hit headlines in the last three years:
1. MOVEit Attack (May 2023): The CL0P ransomware group exploited a vulnerability in MOVEit, a
popular file transfer software. This attack impacted numerous high-profile companies, including
the BBC, British Airways, and Ernst and Young, causing major disruptions. The ransom demands
and total amount paid remain undisclosed.
2. Colonial Pipeline Attack (May 2021): This attack targeted a critical piece of US infrastructure -
the Colonial Pipeline, which transports gasoline and diesel fuel across the East Coast. Using
DarkSide ransomware, the attackers forced the pipeline to shut down for several days, causing
fuel shortages and panic buying. Colonial Pipeline reportedly paid a ransom of $4 million.
3. Kaseya Supply Chain Attack (July 2021): REvil ransomware exploited a vulnerability in Kaseya
VSA, a remote monitoring and management software used by Managed Service Providers
(MSPs). This attack rippled through the supply chain, impacting thousands of businesses that
relied on MSPs for IT support. The estimated ransom demands exceeded $70 million, though
the amount paid is unknown.
4. Costa Rica Government Attack (April 2022): The Conti ransomware group launched a
large-scale attack on Costa Rica's government systems, crippling critical services like tax collection and
social security. The government refused to pay the ransom demands, opting for data restoration
efforts.
5. Hollywood Presbyterian Medical Center Attack (February 2023): This attack, using the
LockBit ransomware strain, disrupted operations at the medical center, forcing it to delay
surgeries and appointments. The attackers demanded a ransom of $34 million, but the hospital's
response and the amount paid are undisclosed.
The Fight Against Ransomware: Introducing Zero Trust
Combating ransomware requires a multi-pronged approach. Businesses need robust cybersecurity
measures like data backups, user education, and endpoint protection. Governments are collaborating to
disrupt ransomware operations, and international law enforcement is working to track down perpetrators.
There's growing awareness about the importance of not paying ransoms, as payment incentivizes further attacks.
One increasingly important defense strategy is Zero Trust. This security model assumes no user or
device is inherently trustworthy and continuously verifies each one before granting access to resources.
Here's how Zero Trust can specifically help against ransomware attacks:
• Limiting Lateral Movement: Ransomware often spreads within a network after gaining an initial
foothold. Zero Trust's micro-segmentation restricts access to specific resources, making it difficult
for ransomware to move laterally and encrypt vast amounts of data.
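
The effect of micro-segmentation on lateral movement can be measured as the set of hosts reachable from one compromised machine. The following is an added example, not from the original article; the host names, ports and allow rules are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory (hypothetical host names).
HOSTS = ["ws-finance-01", "ws-hr-02", "app-payroll",
         "db-payroll", "fileserver", "backup-vault"]
PORTS = (443, 445, 5432)

# Micro-segmentation allow-list: (source, destination, port).
# Any flow not listed here is denied (default deny).
ALLOW = {
    ("ws-finance-01", "app-payroll", 443),
    ("ws-hr-02", "fileserver", 445),
    ("app-payroll", "db-payroll", 5432),
    # Backups are pulled by the vault; nothing may connect *to* it.
    ("backup-vault", "fileserver", 445),
}

def flat_policy(src, dst, port):
    """Flat network: every host may open a connection to every other host."""
    return src != dst

def segmented_policy(src, dst, port):
    """Default deny: only explicitly allowed flows pass."""
    return (src, dst, port) in ALLOW

def blast_radius(start, policy):
    """Hosts transitively reachable from `start` under `policy`.

    Worst-case bound: assumes every reachable host can itself be
    compromised and used as the next hop.
    """
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst not in seen and any(policy(src, dst, p) for p in PORTS):
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for name, policy in (("flat", flat_policy), ("segmented", segmented_policy)):
        for ws in ("ws-finance-01", "ws-hr-02"):
            print(f"{name:9} {ws}: {sorted(blast_radius(ws, policy))}")
```

Running the same audit against a real rule export shows which workstations still have a path to backup systems, which is the path ransomware needs to prevent recovery.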
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.