Building a New Assessment: How to Assess Ransomware Attack Readiness and Recovery
Abstract
In 2021, approximately 37 percent of global organizations in IDC's 2021 Ransomware Study reported being the victim of a ransomware attack. Tech Target, which reported on the study, also noted that in 2021 and 2022, new ransomware trends emerged as attackers realized that certain techniques, such as supply chain attacks and double extortion, yielded better results. To get an appreciation for the scope of these attacks, AAG reported that there were 623.3 million attacks in 2021. Ironically, AAG also reported a 23% drop of attacks in 2022, which may be an indication of improved defenses. Regardless, ransomware has targeted critical infrastructure. A ransomware attack on a water distribution system in Israel, for example, shook executives at American utilities, and one on a petrochemical plant in Saudi Arabia revealed the vulnerability of its oil production. Protection of our nations critical infrastructure and those agencies and organizations that support it is of the utmost priority. The CERT Division at the Software Engineering Institute (SEI) of Carnegie Mellon University (CMU) aims to provide organizations with recommendations that would both reduce the likelihood of a ransomware attack and mitigate its effects if one was to occur.
Document Details
- Document Type
- Technical Report
- Publication Date
- Aug 01, 2023
- Accession Number
- AD1210343
Entities
People
- Brett Tucker
Organizations
- Carnegie Mellon University