SOCRadar® Cyber Intelligence Inc. | ​​Why Ransomware Is a Major Threat to Certain Industries


Eki 13, 2021
6 Mins Read

​​Why Ransomware Is a Major Threat to Certain Industries

Ransomware attacks are on the rise and continue to be disruptive in the cybersecurity industry, affecting everything from financial institutions to higher education.

Ransomware attacks affect every industry and almost every business of any size. In 2019, nearly 56% of organizations across multiple sectors reported a ransomware attack. Due to the rise in remote work prompted by the pandemic, attacks are up 148%.

For this reason, we can predict that more different sectors will be affected by ransomware attacks, especially during the pandemic period. In this blog post, we will try to convey the latest research on the industries most affected by the attacks.

1- Healthcare

This information-intensive industry is a frequent target for its stores of data. Health care and medical organizations access and store electronic healthcare records, which contain large amounts of personal information and financial details. The WannaCry ransomware attack, for instance, devastating operations at Britain’s National Health Service (NHS) and negatively impacted patient care.

Two significant attacks on healthcare institutions in the US, and one major attack in Germany, have raised a lot of awareness about this. While some groups have pledged not to attack healthcare targets, they remain attractive because the pressure is more significant to pay.

This industry’s strict compliance standards aim to detect any exploitablevulnerabilities. Still, healthcare entities need to have their networks and systems locked down to facilitate HIPAA compliance and protect electronically protected health information (ePHI).


2- Farming and food production

A ransomware attack on a supply chain may seem impersonal, but what if an attack affected your ability to put food on the table literally?

Food and agriculture are some of the many critical infrastructure sectors increasingly being targeted with ransomware attacks. As the sophistication of the modern supply chain advances and as the industry becomes more reliant on smart technologies and Internet of Things (IoT) processes, the attack surface expands. Supply chain disruptions caused by COVID revealed weaknesses that hint at vulnerabilities. Farming and food supply may also not be entirely up to date on cybersecurity practices.

Disrupting this supply chain can get expensive quickly, which often motivates the payment of ransom demands.

The FBI’s Cyber Division released a private industry notification, detailing how and why ransomware attacks on the sector are increasing:

“Ransomware attacks targeting the Food and Agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants.”

3- Education

Educational institutions are targeted for several reasons:

  • Valuable intellectual property from campus research
  • Student and employee personal information
  • Computer processing power

Additionally, higher education institutions have a high turnover in their population, resulting in poor password protection and susceptibility to social engineering. The average cost of a ransomware attack in the higher education industry is $447,000. Since 2020, 1,681 higher education facilities have been affected by 84 ransomware attacks.

According to a BlueVoyant report, 66% of universities lack basic email security configurations. 38% of analyzed universities in BlueVoyant’s Cybersecurity in Higher Education Report had unsecured or open database ports.

Increased tech use for remote learning during lockdowns increases the surface area for attacks. Ransomware attacks against universities increased by 100% between 2019 and 2020.

4- Manufacturing

The manufacturing industry has overwhelmingly embraced automation and digitization, capitalizing on the improved efficiency in controlling and monitoring operations. However, the efficiency comes with a catch: a higher risk of cyberattack from modern malware technology.

According to Darktrace, cyberattacks against manufacturers increased seven times between January and April 2020. Twenty-six percent of companies Darktrace surveyed didn’t have a division overseeing security at factory management systems.

Cybercriminals are drawn to the most vulnerable and profitable sectors, which is probably why in 2020, the manufacturing sector received 17 percent of the attacks on businesses and organizations. In a Manufacturing Business Technology magazine article, there is a list of main reasons why these facilities are gold mines for hackers:

  • Higher Probability of Getting Paid: Access to all these systems and data is excellent leverage to push the company to pay a ransom, and downtime resulting from such an attack can cause extensive damage.
  • High-Value Data: A ransomware attack involves denying the user control of their systems. But modern hackers sometimes incorporate data-extraction malware as well. So, suppose they get sensitive data such as intellectual property. In that case, the hackers can extort more money from the manufacturer or sell it to competitors.
  • Extorting Third Parties: Sometimes, the extracted data is about third parties, like suppliers, clients, and partners. The hackers can use the data to demand a ransom from those entities as well.

5- The legal sector

Law firms are often still catching up in security practices for data, leaving a higher probability of success for the attacker. Research and Markets estimate legal services will be a one trillion dollar market by 2025 worldwide.

Organizations in the legal industry rely on IT heavily or many of their critical operations. The very nature of this industry makes them prime candidates for ransomware attacks.

By locking down IT systems and critical data with malware that encrypts these resources, ransomware groups demand a payment to decrypt the compromised assets.

Ransomware is a significant issue in the cyber threat landscape for the legal sector. According to a report by Sharon D. Nelson and John W. Simek:

  • The most notable change in industries impacted by ransomware attacks in Q1 2021 was the professional services industry, specifically law firms.
  • Malicious emails (phishing) from which ransomware attacks often originate are up 600% due to COVID-19.
  • The average ransom payment demanded by successful attackers grew sharply from $5,000 in 2018 to $200,000 in 2021.

Public infrastructure, energy, and more are potential targets as well. The point is, any sufficiently valuable sector with any legacy infrastructure is ripe for a ransomware attack, so you need to be prepared.

Discover SOCRadar® Free Edition

With SOCRadar® Free Edition, you’ll be able to:

  • Discover your unknown hacker-exposed assets
  • Check if your IP addresses tagged as malicious
  • Monitor your domain name on hacked websites and phishing databases
  • Get notified when a critical zero-day vulnerability is disclosed

Free for 12 months for 1 corporate domain and 100 auto-discovered digital assets.
Try for free