Halting The Rise Of Ransomware

Despite hope last year that successful ransomware attacks were on the wane, 2023 has seen a revival of ransomware. Companies continue to face the threat of locked down hardware, losing access to critical data, and potentially having that data released publicly if they refuse to acquiesce to extortionate ransom demands. 

It’s not hard to track the reasons for ransomware’s resurgence. IT departments employed proactive methods - including regular backups, encryption, and network security - to combat the so-called ‘golden age’ of ransomware caused by the pandemic-led shift to hybrid and remote working.

Statistics suggest such plans are no longer being given the same priority. Just 68% of companies allocated a budget in 2022 to protect against ransomware compared to 93% in 2021. Moreover, only half of those surveyed were taking proactive steps to prevent such attacks, such as regular data backups. Instead, as media headlines declined, companies appear to have lowered their defences. 

Ransomware works, and it is not going away. Victims are incentivised to pay, because an attack could cause serious reputational and regulatory damage as well as an average of 20 days of business downtime.

Criminals could net millions with a successful ransomware deployment – demands of US$70 million  and upwards from a single compromised business are not unheard of. In only the first three months of 2023, companies were forced to spend around $450 million to regain control of their data, and could potentially spend more. The golden age of ransomware is clearly not over, and its impact may be rising exponentially.

The Rise Of Commercial Ransomware

The lucrative nature of ransomware means it has, progressively, moved away from the domain of lone hackers or small groups. Ransomware is an increasingly professional criminal endeavour, employed with a focused approach specifically tailored for maximum impact to hackers’ targets, however big or small they may be. Attackers have become more brazen and public with their extortion methods, threatening to release sensitive data like company records, client lists, or trade secrets publicly or even making ransom demands to an affected business’s third-party clients.

Mounting a ransomware attack does not even demand a huge amount of expertise. Any prospective hacker can access Ransomware-as-a-Service (RaaS). As part of a profitable secondary cybercrime market, RaaS sees malware authors offering off-the-shelf variants of malicious software, along with expertise on its use and ready-made databases of online credentials, for a fee. An open market for ransomware means an attack could potentially come from any source at any time, making a solid backup and encryption policy absolutely essential.

Growing Physical Vulnerabilities In The Workplace

Ransomware must be deployed within a company’s systems to work. Attackers can use various means to gain access to systems, from directly targeting insecure networks and computers to exploiting previously undiscovered digital vulnerabilities. The number of potential avenues of attack is growing all the time. The wide-ranging devices which make up the Internet of Things (IoT), for example, are likely to number over 22 billion by 2024, each of them a tiny network-connected computer.

The trend towards commonplace remote and hybrid working also highlights new vulnerabilities for more traditional computer hardware, as employees use insecure home networks or even public Wi-Fi in places like coffee shops. 

The distributed workforce means VPNs are a target. Working in public places means criminals can discover passwords by simply watching a user type them in. A single lost or unattended laptop could be enough for a hacker to gain the credentials to launch an attack. The inevitable growth of technology means those wishing to utilise brute force to deploy ransomware within a network have stronger tools available to them, backed by higher processing power. Protecting one’s data with encrypted, air-gapped backups nullifies any potential impact that any of these attack vectors could hold; there is no brute force method which can come close to breaking AES 256-bit hardware encryption.

Using Confidence Tricks To Shatter Security

Often, ransomware attackers attempt to gain access to networks with more simplistic methods like phishing. Spoof emails are surprisingly effective: two in three users open phishing emails, a third will click the links or attachments within, and half of those will enter details into fake login screens. Their potential success rate means the use of phishing emails is growing, too. In Q1 this year, malicious emails made up a quarter of all email messages, an all-time high . 

Phishing works so well because phishers have mastered social engineering confidence tricks and employ meticulous research and Artificial Intelligence (AI) tools to make their emails seem authentic. In addition to broad email campaigns, they research and target specific individuals with more valuable access credentials. Phishers also use AI to replicate the writing style of powerful employees in order to make their emails appear more authentic -  a process known as spear phishing. Reports suggest that newer AI-generated phishing emails can convince users to click through and fill in a form up to 80% of the time .  

Bypassing the ingenuity and methodology of those wishing to deploy ransomware - whatever their method -  requires consistently vigilant behaviour, and a Zero Trust approach.

Zero Trust is a framework which offers no implicit trust to any entity which interacts with your organisation. Under Zero Trust, every device, user, platform, tool, or vendor must clearly demonstrate its security credentials. It is an essential component of digital hygiene, and, if properly understood by all employees, is the best way to minimise the possibility of a ransomware attack. In some cases, though, hackers with insider knowledge may find a way to infiltrate a network regardless of an organisation’s policies. So, any cyber resilience plan must be joined by a matching IT infrastructure.

Encryption & Backups - The Two-Pronged Solution To Ransomware

As creative as one’s network policies may be, there is no other option: organisations must implement consistent encryption and a strong backup policy in order to protect their data. In the case of a ransomware attack, the presence of a backup accelerates the speed of any recovery efforts and potentially avoids an expensive and embarrassing payout. An air-gapped backup, one stored on an external device not attached to the network, cannot be affected by ransomware.

Backups should, therefore, be kept in triplicate online, offline, and off-site - a strategy known as the 3-2-1 rule, which ensures there is always a backup available in the case of physical or digital disaster. 

Add encryption, and you introduce an extra layer of security to your backups. In the unfortunate event that an external drive is lost or stolen, encryption makes its contents functionally useless to those without the key, minimising the possibility of a damaging data breach. Hardware encryption helps to streamline and foolproof this process by encrypting and decrypting data automatically without needing to install special software.

The correct hardware backup and encryption solution removes a large amount of business vulnerability, and a lot of worry. Employees no longer need to be concerned with awkward software, or even whether they are doing the right thing – hardware encryption is secure by default. Physical and logical separation between encryption keys and the data they protect renders hacking attacks useless. And with a solid plan in place for recovery, ransomware will end up little more than a temporary inconvenience.

John Michael is CEO at iStorage

Image: panumas nikhomkhai

You Might Also Read: 

Improving Data Security To Ensure Cybersecurity Compliance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies
Global Law Firm Breached & Data Stolen »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

RoboForm

RoboForm

RoboForm's industry-leading encryption technology securely stores your passwords, with one Master Password serving as your encryption key.

Quality Professionals (Q-Pros)

Quality Professionals (Q-Pros)

QPros are a recognized leader in providing full-cycle software quality assurance and application testing services.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

VCG Group

VCG Group

VCG provides everything you need for the design, implementation and management of data centres, cyber-secure enterprise networks, cloud and connectivity services.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

In-Q-Tel (IQT)

In-Q-Tel (IQT)

IQT is the non-profit strategic investor that accelerates the development and delivery of cutting-edge technologies to U.S. government agencies that keep our nation safe.

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

Orca Technology

Orca Technology

Orca is a UK-based Managed Service Provider delivering end-to-end managed IT services, support, hosted desktop, cloud solutions and strategic guidance.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.

Affinity Technology Partners

Affinity Technology Partners

Affinity Technology Partners has been fueling the growth of Nashville, Tennessee businesses and nonprofits with reliable IT services since 2002.

Exaforce

Exaforce

At Exaforce, we are on a mission to 10× improve the productivity and efficacy of security and operations teams using our transformative multi-model AI engine.