Ransomware Often Begins With Phishing

Uploaded on 2021-07-28 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Ransomware attacks are becoming increasingly devastating to companies. Not only do they inflict massive disruptions to operations, but criminals are also asking for ever-larger ransoms to unlock the encrypted files and machines hit by the attacks. 
 
Some security experts are urging the government to go further and, despite the difficulties in enforcing such a law, make it illegal to pay ransoms to ransomware groups. Recent events have hardened this opinion and increased support for such an option. Indeed,  and some security firms have pointed out that companies that pay ransoms are simply funding the next round of attacks.
 
Only a few weeks ago, an attack paralysed Ireland’s health services for weeks in the middle of a pandemic. The attack happened in the wake of the Colonial Pipeline attack that caused fear of gas shortages. CNA Financial, one of the largest insurance companies in the US, apparently paid $40m to get access to its files and to restore its operations, making it the largest reported ransom paid to date. 
 
Due to the surges in state-sponsored ransomware attacks in the US and Europe, many government institutions, including the White House, have urged companies to bolster their defences to help stop the ransomware groups. The G7 group has called on Russia, in particular, to identify, disrupt, and hold to account those within its borders who conduct ransomware attacks and other cyber crimes. ​One of the few outcomes of the Biden-Putin summit is an agreement to consult on cybersecurity. However, the agreement is ambiguous without any specific actions.
 
Phishing and ransomware have become the most rampant form of cyber crime and an exponentially increasing threat to organisations. 
 
  • Phishing is a method of trying to gather personal information using deceptive e-mails and websites. 
  • Ransomware is a form of malware designed for the sole purpose of extorting money from victims.

Right now, phishing is e delivery mechanism of choice for ransomware and other malware, are critical problems that every organisation must address through a variety of means.   

Phishing Is One Of The Main Ways To Deliver A Cyber Attack 

Phishing emails come in all varieties, asking recipients to click on a malicious link, featuring attached files masking malware, or simply looking for a reply to begin information gathering, according to a new survey from the data storage specialist firm Cloudian that talked to 200 IT decision-makers whose organisations has had ransomware attack over the last two years. 
 
  • The survey reports that 50% say they have held anti-phishing training among employees, and 49% had perimeter defences in place when they were attacked.  
  • Nearly 25% of all survey respondents said their ransomware attacks started through phishing, and of those victims, 65% had conducted anti-phishing training sessions. 
  • For enterprises with fewer than 500 employees, 41% said their attacks started with phishing. About one-third of all victims said their public cloud was the entry point ransomware groups used to attack them.  
What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.  It's one of the oldest types of cyber-attacks and is still one of the most widespread, with phishing messages and techniques becoming increasingly sophisticated.
 
"This reflects the increasing sophistication of phishing schemes, with attackers now mimicking emails from trusted associates such as high-level executives (known as 'whaling' attacks). These emails will sometimes include personal details, usually gleaned from social media, making it more likely that even a wary individual will fall prey," the report explained. Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns.
 
Crises such as the coronavirus pandemic give criminals a big opportunity to lure victims into taking their phishing bait. 
 
The speed of ransomware groups is also startling, with 56% saying ransomware actors managed to take over their data and send a ransom demand in under 12 hours. 30% said their data was taken in 24 hours. For companies attacked through phishing, 76% of victims noted that attackers took over systems within 12 hours. The Cloudian report found that "44% of respondents' total data was held hostage, with financial, operational, customer and employee data all being targeted." Enterprises experienced an average downtime of three days.  
 
  • The average financial cost for respondents was nearly $500,000, and 55% said they ended up paying the ransom, with an average ransom cost of $223,000.
  • Nearly 15% said they paid $500,000 or more. Even after paying, just 57% were able to get all of their data back. 
These findings reveal an unwelcome truth about such attacks, which is that they are hard to prevent even when you're prepared.
 
Ransomware can penetrate quickly, significantly impacting an organisation's financials, operations, customers, employees and reputation. Even if you pay the ransom, other related costs can be significant.   
 
  • The other costs associated with responding to a ransomware attack added up to an average of $183,000.
  • More than half of respondents dealt with additional impacts to "their financials, operations, employees, customers and reputation." 
"The threat of ransomware will continue to plague organisations around the world if they do not change their approach and response to it," said Jon Toor, chief marketing officer at Cloudian. Organisations should consider using a fully integrated solution that simplifies configuration, goes beyond signature-based detection, and protects from insider spear phishing attacks.

Possible Ways Forward:

  • Law enforcement agencies must cooperate across borders to target ransomware groups, track payments and ultimately change the operational risk for these groups so that it is more expensive to do illicit business.
  • Breaking down silos within organisations, getting the cyber security, IT operations and risk management teams to speak the same language and align expectations. 
  • GDPR has done a lot to bring focus and awareness about reporting breaches to infrastructure. But more is needed.

GPDR works for personal data, but disruptions to critical infrastructure following a ransomware attack are not necessarily under the umbrella of GDPR and can go under the radar. Only with more sharing, increased focus and potentially fines levied against organisations that fail to prevent or protect their infrastructure adequately, will  business leaders begin to take the threat seriously.  

Deloitte:      Dark Reading      Logpoint:     Techtarget:    CSO Online:    VadeSecure:
 
ZDNet:     EMISOFT:     I-HLS:  
 
You Might Also Read:
 
Cyber Crime In 2021: How Hackers Are Evolving:
 
 
« Was There A Russian Plot To Put Trump In The White House?
Twitter Celebrity Hack Suspect Arrested »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ITQ

ITQ

ITQ is an IT consulting firm with a focus on the entire VMware-product portfolio with three main services: Professional Services, Support Services and Managed Services.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Cyberlytic

Cyberlytic

Cyberlytic applies artificial intelligence to combat the most sophisticated of web application threats, addressing the growing problem of high volumes of threat data.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

Microsoft Security

Microsoft Security

Microsoft Security helps protect people and data against cyberthreats to give you peace of mind. Safeguard your people, data, and infrastructure.

International Computer Science Institute (ICSI)

International Computer Science Institute (ICSI)

ICSI is a leading independent, nonprofit center for research in computer science. Research areas include network security and privacy.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

Apricorn

Apricorn

Apricorn provides hardware-based 256-bit encrypted external storage products to companies and organizations that require high-level protection for their data at rest.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

Department of Justice & Equality - Cybercrime Division

Department of Justice & Equality - Cybercrime Division

The Cybercrime division is responsible for developing policy in relation to the criminal activity and coordinating a range of different cyber initiatives at national and international level.

Startup Capital Ventures

Startup Capital Ventures

Startup Capital Ventures is an early stage venture capital firm with a focus on FinTech, Cloud/SaaS, Security, Healthcare IT, and IoT.

Cybil

Cybil

Cybil is a publicly-available portal where members of the international cyber capacity building community can find and share information to support the design and delivery of programs and projects.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

Cloud Seguro

Cloud Seguro

Cloud Seguro are leaders in the development of cloud solutions, Ethical Hacking, Privacy and Information Security.