Ransomware remains a threat 30 years on
As our lives have become increasingly dependent on technology, virtually all personal and business data is kept on internet-connected platforms, and in today’s digitized world this has become a gold mine for cyber criminals. In fact, we have seen cyberattacks grow exponentially in the last 12 months, and ransomware attacks in particular increased by more than 485 percent in 2020.
Yet ransomware is nothing new. It is astounding to think that this attack technique has been around since 1989, when the first version was created by the "Father of Ransomware" Dr Joseph L. Popp. Disseminated via mailed floppy disks, the program demanded a hefty ransom of $189 to free victims’ data. Fast forward 30 years and, still today, whenever an organization thinks it has ransomware under control, another attack emerges that is more sophisticated and effective than the last.
Ryuk, REvil, NHS, Clop, Cezar, Pubg, Webroot, and Cryptolocker are just some examples of ransomware that have been prevalent during the past twelve months alone. Concerned about how prolific ransomware has become, the Biden administration announced plans to hold a meeting with representatives from 30 countries in an effort to deal with the growing threat of ransomware and the abuse of cryptocurrency to launder ransom payments.
Putting best security practices in place
Another initiative aimed at creating heightened visibility around growing threats is the National Cyber Security Awareness campaign, which ran throughout October and aimed to put the spotlight on some best security practices as well as promoting general cyber hygiene to help organizations and individuals keep data safe. This is about a shared responsibility in the fight against cybercrime and, in light of the continuing growth in ransomware, making organizations more aware of common methods will better arm them to prevent such attacks in the future.
Today ransomware attacks have not only grown in sophistication, but ransom payments have also increased. According to the Digital Defense 2021 Ransomware Guide, payments were averaging more than $220,000 in Q1 2021. With this kind of earning potential, it’s no wonder ransomware is often the malware of choice for malicious actors targeting organizations.
So, what makes ransomware so lucrative?
There are a number of reasons. Firstly, organizations tend to pay a ransom rather than risk interrupting the flow of business and/or risking damage to their brand and reputation. In simple terms, it may just be -- or at least initially seem -- more cost-effective to pay than not to pay. The Digital Defense 2021 Ransomware Guide showed that more than half (57 percent) of organizations have paid the ransom when under an attack. Secondly, there are several cheap and easy attack vectors that can be used to launch ransomware, which means that cyber threat actors need only put in minimal effort to get maximum return.
The pressure is on to stop paying ransomware demands
However, this means that every time a company pays the ransom, they are incentivizing attackers to continue. Last year this caused the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) to declare it illegal to pay a ransomware demand in some instances.
The threat posed by ransomware is of such scale and severity that different stakeholders across industries are coming together to try and combat it. Originated by the Institute for Security and Technology, the Ransomware Task Force (RTF) is a collaboration between more than 60 such stakeholders, including tech firms such as Microsoft and Amazon, and law enforcement bodies including the UK’s National Crime Agency.
The RTF aims to develop a robust plan to tackle the global ransomware threat by deterring and disrupting cybercriminals and ensuring organizations are prepared to defend themselves.
So, what can and should organizations do to protect themselves from ransomware threats?
Education is key, and it is what the National Cybersecurity Awareness Initiative aimed to achieve with its "shared responsibility" ethos. With so many high-profile attacks and an ever-increasing number of data breaches, you would have thought that organizations were already aware of the threat, but Clearswift by HelpSystems research with UK public sector workers revealed that almost half of respondents had either not heard of ransomware or did not know what it is. More than three-quarters had been given no instruction in how to recognize ransomware.
Employees should understand the dangers of ransomware, and other attack vectors, and know what to do if they think they’ve suffered a breach. A security culture starts at the top, so educate everyone involved - even those on the board. Education should be a continuous process and not just something that happens during induction; that way it is firmly embedded as a mindset and put into practice every day.
Some organizations use attack simulations to see who would be susceptible to socially engineered phishing campaigns, for example, and once these individuals are identified, additional training can be provided.
As well as implementing antivirus and DNS filtering, software patches and MFA, and other such best practices, organizations can also work proactively to shore up weaknesses through regular vulnerability scanning and penetration testing. These processes help to prioritize the issues that pose the most risk to the organization and manage their remediation. Organizations can also implement threat detection tools to monitor the network for malicious activity. These tools alert the security team the moment an infection is uncovered.
Finally, if a breach is identified, it’s important to investigate the cause and assess the state of the environment as soon as possible to minimize the damage and ensure an attack isn’t repeated.
It’s been around for 30 years and still ransomware looks like it’s here to stay, so it has never been more crucial for businesses of all sizes and industries to protect against these attacks. Putting together the right tools and combining this with education and training will ensure that the organization is best placed to fight back against unscrupulous but ever-powerful ransomware groups.