Following the recent disclosure of vulnerabilities affecting Microsoft Exchange Servers, Check Point Research (CPR) has observed a global surge in the number of ransomware attacks.
In fact, since the beginning of 2021, there has been a 9% increase monthly in organisations affected by ransomware.
This uptick includes a 57% increase in organisations affected by ransomware in the past six months.
According to various reports and official alerts from the Cybersecurity and Infrastructure Security Agency (CISA) in the US, ransomware attacks are targeting Microsoft Exchange servers by leveraging previously exposed vulnerabilities.
In the last week alone, the number of attacks involving Exchange Server vulnerabilities has tripled.
With over 50 000 attack attempts seen globally, CPR has observed that the most targeted industries are government/military, manufacturing, and banking/finance.
The most affected country is the US, with 49% of all exploit attempts, followed by the UK (5%), the Netherlands (4%) and Germany (4%).
In Africa, the most attacked countries include South Africa with (38%), followed by Kenya with (26%) and Nigeria with (9%).
CPR has also observed the following trends in ransomware attacks:
* In the past six months, there has been a general increase in the number of attacks involving human-operated ransomware, such as Maze and Ryuk, in which victims have to negotiate with the criminals that launched the attack.
* In the last six months, there has been a 57% increase in the number of organisations affected by ransomware globally.
* Since the beginning of 2021, the number of organisations affected by ransomware have been growing at 9% monthly.
* In total, 3 868 organisations have been affected with ransomware.
WannaCry, the wormable ransomware that made its debut four years ago, is also trending again, though it is unclear why.
Since the beginning of the year, the number of organisations affected with WannaCry globally has increased by 53%. In fact, CPR found that there are 40-times more affected organisations in March 2021 when compared to October 2020.
The new samples still use the EternalBlue exploit to propagate – for which patches have been available for over four years, highlighting why it’s critical that organisations patch their systems as soon as updates are available.