Halting The Rise Of Ransomware

Uploaded on 2023-11-10 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Despite hope last year that successful ransomware attacks were on the wane, 2023 has seen a revival of ransomware. Companies continue to face the threat of locked down hardware, losing access to critical data, and potentially having that data released publicly if they refuse to acquiesce to extortionate ransom demands. 

It’s not hard to track the reasons for ransomware’s resurgence. IT departments employed proactive methods - including regular backups, encryption, and network security - to combat the so-called ‘golden age’ of ransomware caused by the pandemic-led shift to hybrid and remote working.

Statistics suggest such plans are no longer being given the same priority. Just 68% of companies allocated a budget in 2022 to protect against ransomware compared to 93% in 2021. Moreover, only half of those surveyed were taking proactive steps to prevent such attacks, such as regular data backups. Instead, as media headlines declined, companies appear to have lowered their defences. 

Ransomware works, and it is not going away. Victims are incentivised to pay, because an attack could cause serious reputational and regulatory damage as well as an average of 20 days of business downtime.

Criminals could net millions with a successful ransomware deployment – demands of US$70 million  and upwards from a single compromised business are not unheard of. In only the first three months of 2023, companies were forced to spend around $450 million to regain control of their data, and could potentially spend more. The golden age of ransomware is clearly not over, and its impact may be rising exponentially.

The Rise Of Commercial Ransomware

The lucrative nature of ransomware means it has, progressively, moved away from the domain of lone hackers or small groups. Ransomware is an increasingly professional criminal endeavour, employed with a focused approach specifically tailored for maximum impact to hackers’ targets, however big or small they may be. Attackers have become more brazen and public with their extortion methods, threatening to release sensitive data like company records, client lists, or trade secrets publicly or even making ransom demands to an affected business’s third-party clients.

Mounting a ransomware attack does not even demand a huge amount of expertise. Any prospective hacker can access Ransomware-as-a-Service (RaaS). As part of a profitable secondary cybercrime market, RaaS sees malware authors offering off-the-shelf variants of malicious software, along with expertise on its use and ready-made databases of online credentials, for a fee. An open market for ransomware means an attack could potentially come from any source at any time, making a solid backup and encryption policy absolutely essential.

Growing Physical Vulnerabilities In The Workplace

Ransomware must be deployed within a company’s systems to work. Attackers can use various means to gain access to systems, from directly targeting insecure networks and computers to exploiting previously undiscovered digital vulnerabilities. The number of potential avenues of attack is growing all the time. The wide-ranging devices which make up the Internet of Things (IoT), for example, are likely to number over 22 billion by 2024, each of them a tiny network-connected computer.

The trend towards commonplace remote and hybrid working also highlights new vulnerabilities for more traditional computer hardware, as employees use insecure home networks or even public Wi-Fi in places like coffee shops. 

The distributed workforce means VPNs are a target. Working in public places means criminals can discover passwords by simply watching a user type them in. A single lost or unattended laptop could be enough for a hacker to gain the credentials to launch an attack. The inevitable growth of technology means those wishing to utilise brute force to deploy ransomware within a network have stronger tools available to them, backed by higher processing power. Protecting one’s data with encrypted, air-gapped backups nullifies any potential impact that any of these attack vectors could hold; there is no brute force method which can come close to breaking AES 256-bit hardware encryption.

Using Confidence Tricks To Shatter Security

Often, ransomware attackers attempt to gain access to networks with more simplistic methods like phishing. Spoof emails are surprisingly effective: two in three users open phishing emails, a third will click the links or attachments within, and half of those will enter details into fake login screens. Their potential success rate means the use of phishing emails is growing, too. In Q1 this year, malicious emails made up a quarter of all email messages, an all-time high . 

Phishing works so well because phishers have mastered social engineering confidence tricks and employ meticulous research and Artificial Intelligence (AI) tools to make their emails seem authentic. In addition to broad email campaigns, they research and target specific individuals with more valuable access credentials. Phishers also use AI to replicate the writing style of powerful employees in order to make their emails appear more authentic -  a process known as spear phishing. Reports suggest that newer AI-generated phishing emails can convince users to click through and fill in a form up to 80% of the time .  

Bypassing the ingenuity and methodology of those wishing to deploy ransomware - whatever their method -  requires consistently vigilant behaviour, and a Zero Trust approach.

Zero Trust is a framework which offers no implicit trust to any entity which interacts with your organisation. Under Zero Trust, every device, user, platform, tool, or vendor must clearly demonstrate its security credentials. It is an essential component of digital hygiene, and, if properly understood by all employees, is the best way to minimise the possibility of a ransomware attack. In some cases, though, hackers with insider knowledge may find a way to infiltrate a network regardless of an organisation’s policies. So, any cyber resilience plan must be joined by a matching IT infrastructure.

Encryption & Backups - The Two-Pronged Solution To Ransomware

As creative as one’s network policies may be, there is no other option: organisations must implement consistent encryption and a strong backup policy in order to protect their data. In the case of a ransomware attack, the presence of a backup accelerates the speed of any recovery efforts and potentially avoids an expensive and embarrassing payout. An air-gapped backup, one stored on an external device not attached to the network, cannot be affected by ransomware.

Backups should, therefore, be kept in triplicate online, offline, and off-site - a strategy known as the 3-2-1 rule, which ensures there is always a backup available in the case of physical or digital disaster. 

Add encryption, and you introduce an extra layer of security to your backups. In the unfortunate event that an external drive is lost or stolen, encryption makes its contents functionally useless to those without the key, minimising the possibility of a damaging data breach. Hardware encryption helps to streamline and foolproof this process by encrypting and decrypting data automatically without needing to install special software.

The correct hardware backup and encryption solution removes a large amount of business vulnerability, and a lot of worry. Employees no longer need to be concerned with awkward software, or even whether they are doing the right thing – hardware encryption is secure by default. Physical and logical separation between encryption keys and the data they protect renders hacking attacks useless. And with a solid plan in place for recovery, ransomware will end up little more than a temporary inconvenience.

John Michael is CEO at iStorage

Image: panumas nikhomkhai

You Might Also Read: 

Improving Data Security To Ensure Cybersecurity Compliance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Securing Kubernetes Helm: Vulnerabilities & Defensive Strategies
Global Law Firm Breached & Data Stolen »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

Swedish Civil Contingencies Agency (MSB)

Swedish Civil Contingencies Agency (MSB)

MSB's Information Assurance Department is responsible for supporting and coordinating work relating to Sweden's national societal information security.

CyberInt

CyberInt

CyberInt’s Managed Detection and Response services span globally and include some of the top finance, retail and telecommunication organizations.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

Data Privacy Office (DPO)

Data Privacy Office (DPO)

Data Privacy Office is a company that specializes in privacy and personal data protection, following the highest standards in its sector.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

UncommonX

UncommonX

UncommonX offers enterprise-class cybersecurity protection for mid-size organizations by combining adaptive threat and intelligence software with 24/7 industry experts.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

Avalanchio Technologies

Avalanchio Technologies

The Avalanchio platform gives you a complete solution to collect, process, and analyze security data to detect threats in real-time and analyze historical data using security DSL or SQL.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Regtank Technology

Regtank Technology

Regtank is a one-stop compliance solution for fintechs, navigating compliance, security and risk management.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Antivirus Tales

Antivirus Tales

Antivirus Tales offers a platform to resolve all types of antivirus-related issues. The platform also provide various blog articles and informative guides to fix antivirus software errors.