Halting The Rise Of Ransomware

Uploaded on 2023-11-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Despite hope last year that successful ransomware attacks were on the wane, 2023 has seen a revival of ransomware. Companies continue to face the threat of locked down hardware, losing access to critical data, and potentially having that data released publicly if they refuse to acquiesce to extortionate ransom demands. 

It’s not hard to track the reasons for ransomware’s resurgence. IT departments employed proactive methods - including regular backups, encryption, and network security - to combat the so-called ‘golden age’ of ransomware caused by the pandemic-led shift to hybrid and remote working.

Statistics suggest such plans are no longer being given the same priority. Just 68% of companies allocated a budget in 2022 to protect against ransomware compared to 93% in 2021. Moreover, only half of those surveyed were taking proactive steps to prevent such attacks, such as regular data backups. Instead, as media headlines declined, companies appear to have lowered their defences. 

Ransomware works, and it is not going away. Victims are incentivised to pay, because an attack could cause serious reputational and regulatory damage as well as an average of 20 days of business downtime.

Criminals could net millions with a successful ransomware deployment – demands of US$70 million  and upwards from a single compromised business are not unheard of. In only the first three months of 2023, companies were forced to spend around $450 million to regain control of their data, and could potentially spend more. The golden age of ransomware is clearly not over, and its impact may be rising exponentially.

The Rise Of Commercial Ransomware

The lucrative nature of ransomware means it has, progressively, moved away from the domain of lone hackers or small groups. Ransomware is an increasingly professional criminal endeavour, employed with a focused approach specifically tailored for maximum impact to hackers’ targets, however big or small they may be. Attackers have become more brazen and public with their extortion methods, threatening to release sensitive data like company records, client lists, or trade secrets publicly or even making ransom demands to an affected business’s third-party clients.

Mounting a ransomware attack does not even demand a huge amount of expertise. Any prospective hacker can access Ransomware-as-a-Service (RaaS). As part of a profitable secondary cybercrime market, RaaS sees malware authors offering off-the-shelf variants of malicious software, along with expertise on its use and ready-made databases of online credentials, for a fee. An open market for ransomware means an attack could potentially come from any source at any time, making a solid backup and encryption policy absolutely essential.

Growing Physical Vulnerabilities In The Workplace

Ransomware must be deployed within a company’s systems to work. Attackers can use various means to gain access to systems, from directly targeting insecure networks and computers to exploiting previously undiscovered digital vulnerabilities. The number of potential avenues of attack is growing all the time. The wide-ranging devices which make up the Internet of Things (IoT), for example, are likely to number over 22 billion by 2024, each of them a tiny network-connected computer.

The trend towards commonplace remote and hybrid working also highlights new vulnerabilities for more traditional computer hardware, as employees use insecure home networks or even public Wi-Fi in places like coffee shops. 

The distributed workforce means VPNs are a target. Working in public places means criminals can discover passwords by simply watching a user type them in. A single lost or unattended laptop could be enough for a hacker to gain the credentials to launch an attack. The inevitable growth of technology means those wishing to utilise brute force to deploy ransomware within a network have stronger tools available to them, backed by higher processing power. Protecting one’s data with encrypted, air-gapped backups nullifies any potential impact that any of these attack vectors could hold; there is no brute force method which can come close to breaking AES 256-bit hardware encryption.

Using Confidence Tricks To Shatter Security

Often, ransomware attackers attempt to gain access to networks with more simplistic methods like phishing. Spoof emails are surprisingly effective: two in three users open phishing emails, a third will click the links or attachments within, and half of those will enter details into fake login screens. Their potential success rate means the use of phishing emails is growing, too. In Q1 this year, malicious emails made up a quarter of all email messages, an all-time high . 

Phishing works so well because phishers have mastered social engineering confidence tricks and employ meticulous research and Artificial Intelligence (AI) tools to make their emails seem authentic. In addition to broad email campaigns, they research and target specific individuals with more valuable access credentials. Phishers also use AI to replicate the writing style of powerful employees in order to make their emails appear more authentic -  a process known as spear phishing. Reports suggest that newer AI-generated phishing emails can convince users to click through and fill in a form up to 80% of the time .  

Bypassing the ingenuity and methodology of those wishing to deploy ransomware - whatever their method -  requires consistently vigilant behaviour, and a Zero Trust approach.

Zero Trust is a framework which offers no implicit trust to any entity which interacts with your organisation. Under Zero Trust, every device, user, platform, tool, or vendor must clearly demonstrate its security credentials. It is an essential component of digital hygiene, and, if properly understood by all employees, is the best way to minimise the possibility of a ransomware attack. In some cases, though, hackers with insider knowledge may find a way to infiltrate a network regardless of an organisation’s policies. So, any cyber resilience plan must be joined by a matching IT infrastructure.

Encryption & Backups - The Two-Pronged Solution To Ransomware

As creative as one’s network policies may be, there is no other option: organisations must implement consistent encryption and a strong backup policy in order to protect their data. In the case of a ransomware attack, the presence of a backup accelerates the speed of any recovery efforts and potentially avoids an expensive and embarrassing payout. An air-gapped backup, one stored on an external device not attached to the network, cannot be affected by ransomware.

Backups should, therefore, be kept in triplicate online, offline, and off-site - a strategy known as the 3-2-1 rule, which ensures there is always a backup available in the case of physical or digital disaster. 

Add encryption, and you introduce an extra layer of security to your backups. In the unfortunate event that an external drive is lost or stolen, encryption makes its contents functionally useless to those without the key, minimising the possibility of a damaging data breach. Hardware encryption helps to streamline and foolproof this process by encrypting and decrypting data automatically without needing to install special software.

The correct hardware backup and encryption solution removes a large amount of business vulnerability, and a lot of worry. Employees no longer need to be concerned with awkward software, or even whether they are doing the right thing – hardware encryption is secure by default. Physical and logical separation between encryption keys and the data they protect renders hacking attacks useless. And with a solid plan in place for recovery, ransomware will end up little more than a temporary inconvenience.

John Michael is CEO at iStorage

Image: panumas nikhomkhai

You Might Also Read: 

Improving Data Security To Ensure Cybersecurity Compliance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies
Global Law Firm Breached & Data Stolen »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

InterVision

InterVision

InterVision is a leading Strategic Services Provider, assisting businesses in driving value and gaining a competitive edge by helping IT Leaders solve the most crucial challenges they face.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Turnkey Consulting

Turnkey Consulting

Turnkey Consulting is a leading provider of Integrated Risk Management (IRM), Identity Access Management (IAM), and Cyber and Application Security.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

SafePaas

SafePaas

SafePaas is a leading Enterprise Risk Management Platform. One source of truth for all your Audit, Risk, and Compliance requirements. Complete governance across your systems.

Obrela Security Industries

Obrela Security Industries

Obrela provides security analytics and risk management services to identify, analyze, predict and prevent highly sophisticated security threats in real time.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

Frenos

Frenos

The Frenos Platform helps enterprises understand their most probable attack paths while highlighting the most effective risk mitigations to deter and defend against today’s adversaries.

Swick Technologies (SWICKtech)

Swick Technologies (SWICKtech)

SWICKtech offer IT managed services to increase IT security, stability, and performance for your organization.

ClearSale (CLSA3)

ClearSale (CLSA3)

Clearsale’s innovative fraud solutions combine advanced technology with a passionate team of seasoned experts that understand every client’s unique needs.