The world — and the U.S. in particular — is in the midst of a ransomware crisis. Ransomware seems to be surging almost everywhere. But why? We take a look at underlying causes.
- Ransomware is surging everywhere, but particularly in the USA
- Both the frequency and size of attacks (ransom demands) has increased markedly over the last few years
- A number of identifiable megatrends are causing this
- The pandemic hasn’t helped, with the rush towards WFH practices not always being followed by best practice security practices
Last week we published a video on ransomware, exploring why it is surging around the world. This piece elaborates on its contents a little more, looking in greater detail at some of the cybersecurity “megatrends” powering this phenomenon.
A leading cybersecurity magazine (Cybercrime) predicts that ransomware will continue to get worse, and will eventually cost victims about $265 billion each year by 2031 (start of the next decade). Attacks are likely to occur every two seconds as hackers refine their malware attacks and extortion practices.
But why is ransomware increasing as a go-to for cyber threat actors?
Becoming easier to execute
Ransomware is in part driven by the problem of being “simple” to execute, particularly with some new “business models” that have emerged in this space. Relatively speaking, it is simple for hackers to gain financially, using malicious software to access and encrypt data and hold it hostage until the victim pays the ransom.
Hackers use software to poke around security holes or by tricking network users using phishing scam tactics like sending malware that seem to come from a trusted source.
Cyber attacks are more frequent now because it is effortless for hackers to execute them. Further, payment methods are now friendlier to them, especially in a world where anonymous payments are thriving.
Businesses are willing to pay a ransom because of the growing reliance on digital infrastructure, giving hackers more incentives to attempt more breaches.
A few years back, cybercriminals played psychological games before getting bank passwords and using their technical know-how to steal money from people’s accounts.
Today, however, they are bolder, given the ease of buying ransomware-as-a-service and learn hacking techniques from online video sites like YouTube. Some gangs are even offering their services for a business hacking set up for a fee – typically a share of the profits.
Cryptocurrency has made hackers bolder, as they can extort unlimited and anonymous cash payments.
With the anonymity of bitcoin transfers, hackers found they can demand higher amounts from their victims.
Work from home: Organisations getting lax
The pandemic has driven the “work from home” phenomenon harder than ever. It is no secret that this is one of the biggest changes to our lives over the past 18 months globally. While it has been great in some ways, it has been a double edged sword in others.
The most notable trend in this respect is that organisations have had to relax cybersecurity controls and IT policies to enable people to work from home. While that might have worked at one point, it didn’t anticipate that cyber threat actors would be up to the task of exploiting the resulting weaknesses.
And this has partly driven the rise in ransomware. Quite simply, even large companies have been lax with their network security protocols. The recent supply chain attack at Colonial Pipeline saw CEO Joseph Blount admit before Congress that the company does not use multifactor authentication when users log in.
Everything goes digital
Another contributing factor to the rise in ransomware attacks is the ubiquity of our reliance on the digital sphere for all aspects of our lives.
The pandemic caused a spike in worldwide internet usage even above already high levels. Many students and workers are working and learning remotely, and this is opening up opportunities for threat actors to try a variety of different things (including phishing scams as a door opener) that eventually culminate in the springing of ransom attacks.
Impact of ransomware on business
Aside from the increasing occurrence of ransomware attacks, the cost of the attacks is growing as well. Ransomware paralyses a company’s digital network and associated devices. Because sensitive business data is breached, business operations, particularly for supply chains, are affected — companies thus often prefer to pay a ransom.
Theoretically, even if a company pays ransom, there is no guarantee that sensitive data has not been copied. Likewise, there is no guarantee that attackers will return all the data or that the decryption key will work.
In the case of Colonial (mentioned above), the decryption key hackers gave them after paying the ransom was too slow. So Colonial resorted to using their backup files. Kaseya, on the other hand, preferred to work with a third party for a decryption key.
Preventing ransomware infection
Government agencies generally advise companies never to pay ransom to cybercriminals because it encourages them to launch more attacks.
The most obvious way to prevent such attacks is to work closely with a cybersecurity firm to set up best practice security systems that fits a business’ current and future needs. Implementing all recommended controls is a necessary part of this security transformation.
While there are a lot of technical aspects to the implementation of these controls, it pays to go back to basics and really emphasise the core elements of good cybersecurity at an enterprise level:
- Use security training so employees have a better understanding of the importance and meaning of cybersecurity
- Emphasising the importance of never clicking links from unverified sources, as phishing emails are one of the methods to spread malware and make companies an easy target
- Email scanning software is an absolute must
- Regular backups of data are essential, and this means having at least two data backups in separate locations. Grant access to your backup only to your most trusted staff.
- Use data encryption to protect emails, file exchanges, and personal information.
- Ensure that you upgrade all your applications regularly so you can fix vulnerabilities.
- Use password managers to ensure that all employees will have stronger passwords. Instruct employees to use different passwords to log in to the other applications you use in your company.
Ransomware attacks are rampant due to their ease and profitability. But knowing some of the reasons for the increase in ransomware and taking proactive measures to counter it is easy. We trust this guide helps you and your organisation get on top of what is an increasingly challenging problem.