Over the last few years, ransomware attacks have escalated both in frequency and the scope of industries affected. Destructive ransomware events are a serious subset of these attacks, which materially harm the victim by encrypting critical systems and impairing their operational capabilities.

For example, last year, a national social security agency was forced to close for multiple days, illustrating how severe destructive ransomware attacks can be.

Concerningly, even if a business fortifies its own cybersecurity defenses, it can still be vulnerable to weaknesses in the supply chain. Destructive ransomware events showcase how attacks damage other organizations beyond the initial target. Because no organization exists in isolation, managing ransomware risk is a shared responsibility.

So, how can individual firms manage their supply chain risks against cybersecurity threats and ransomware?

After cataloging and studying 1,454 publicly known destructive ransomware events over eight years, we’ve put together key lessons for third-party risk management (TPRM) professionals. Use this guide to reduce your exposure to ransomware attacks.

Lesson 1: Do business with organizations that have good cybersecurity hygiene

Encouragingly, organizations with good cybersecurity hygiene have dramatically lower ransomware and data loss incident rates. Our study shows these firms have an incredible 35 times lower frequency of destructive ransomware events.

Coveware’s recent report supports our analysis. It highlights that from 2020 to 2023, almost half of the initial attack ingress vectors involved either exploiting unpatched software or unsafe network services.[1] These findings stress the importance of basic cybersecurity hygiene practices.

Unsurprisingly, organizations with poor security hygiene on their external surfaces provide easy initial entry vectors. They also likely lack the strong internal defenses needed to reduce ransomware risks. Conversely, organizations with rigorous security hygiene on externally observable systems and signals limit the potential entry points available to cybercriminals. They are also more likely to have strong internal defenses.

In light of this, TPRM professionals should prioritize partners with strong cybersecurity measures to significantly reduce ransomware risks. Are there gaps in your current partnerships that negatively affect your security posture?

Lesson 2: Revisit your suppliers’ inherent risk ratings; criminals are targeting every sector

Ransomware threats are evolving dramatically, reaching beyond the traditional sectors of utilities, healthcare, and national governments. While healthcare companies remain primary targets — accounting for more than 18% of all destructive ransomware events — the range of victims has expanded significantly.

Now, ransomware affects casinos, hotels, local fire and police departments, agriculture, cruise lines, and even veterinary clinics. Cybercriminals increasingly compromise operationally sensitive systems, even if they don’t store or process sensitive data and transactions. This expansion means every vendor and partner is at risk.

Because no industry is immune, TPRM professionals should revisit their suppliers’ inherent risk ratings. Instead of evaluating suppliers solely on data or transaction sensitivity, consider which suppliers you depend on operationally. Expanding this focus will fortify your overall cybersecurity defenses.

Lesson 3: Ensure that your operationally important suppliers have 24 x 7 security operations

Criminal efforts are relentless. According to our analysis, nearly half (46%) of all ransomware detonations occur from Friday to Sunday. Organizations typically have fewer cybersecurity and IT professionals available during the weekend, which gives cybercriminals more opportunity to launch an attack before intervention.

For these same reasons, holidays are a prime window for ransomware attacks. Our analysis found that Veterans Day had the highest holiday-related breach event frequency, running at 253% above average.

That’s why it’s critical that the suppliers you rely on maintain continuous, around-the-clock security operations. Responding to a ransomware event as quickly as possible is vital to limiting damage and speeding up the recovery of systems and operations.

Deeper Insights for TPRM Professionals

In our new white paper, The 2024 State of Ransomware, we dive deeper with two additional critical lessons. Each lesson is thoroughly explored, supported by surprising statistics and actionable advice tailored specifically to the needs of TPRM professionals. Gain further insights into the impacts of ransomware, strategies for effective risk management, and practical advice to strengthen your cybersecurity defenses.

Download the report here


[1] https://www.coveware.com/blog/2024/1/25/new-ransomware-reporting-requirements-kick-in-as-victims-increasingly-avoid-paying