The researchers also observed a 70% average increase in attempted ransomware attacks in November and December compared to January and February. Following a record number of ransomware attacks this year, the company expects the spike to be higher over the 2021 holiday period.
During the nascent 2021 holiday season, Darktrace’s AI detected and autonomously stopped an in-progress, early-stage ransomware attack on a US city before any data exfiltration or encryption could occur. The city’s security team had the foresight to deploy an AI solution to combat multi-stage ransomware attacks, enabling them to stop the attackers at the earliest stage.
Ransomware is often falsely considered an encryption problem. This misconception masks and undermines attackers’ determination and creativity to initially break into and then move around within an organisation’s digital environment first to discover, then steal and encrypt data. The break-in is often through email, but that quickly evolves to targeting servers where the data lives. Therefore, a combination of email and network security is crucial to stop these attacks.
Powered by Self-Learning AI, Darktrace technology develops an understanding of normal business operations for each organisation. It autonomously interrupts in-progress attacks at every stage from the initial entry with sophisticated spearphishing emails to brute-forced remote desktop protocol (RDP), command-and-control, and lateral movement, all without business disruption.
“Based on what we’ve seen in previous years, holidays are consistent target periods for cyber-attackers. Interestingly, the largest rise in attempted ransomware attacks is between Christmas and New Year’s when attackers know there will be fewer eyeballs on screens defending against threats,” commented Justin Fier, Director of Cyber Intelligence and Analytics, Darktrace. “Business leaders should know that there is available technology that can identify and respond to the initial warning signs of ransomware before attackers can hold critical systems hostage, even when human security teams are out of office.”