The ongoing pandemic has further escalated this problem by serving as another avenue for attackers to innovate their ransomware tactics.
By Sanjay Katkar
With evolving technologies pushing the world to adopt more and more digital solutions, threat actors have grown more innovative in targeting businesses and individuals using ransomware as one of their key attack strategies. The ongoing pandemic has further escalated this problem by serving as another avenue for attackers to innovate their ransomware tactics.
Double extortion: The new and more powerful variant of the old ransomware model
Earlier, attackers focused only on encrypting the data and asking for a ransom in return; now they have gone beyond this approach. They threaten to disclose the victim's data to the public, pushing the victim to pay more. Faced with this kind of threat, even victims who have a backup of the original data may end up paying huge ransoms for fear of their sensitive enterprise data being leaked on the internet. This technique is called double extortion.
As companies continue to operate from home without a robust cybersecurity infrastructure, their chances of getting hacked and compromised are only going to increase further. Sectors like telecom, healthcare, pharma, hospitals and even government critical sectors – all are considered a target by threat actors, primarily because of their ability to pay. This innovation in the old ransomware technique has increased the average ransom demand to 150K USD in 2020, while for some of the high-profile targets, it goes even beyond that.
Price beyond ransom: Additional costs associated with ransomware attacks
What most companies are not yet aware of is the additional cost involved in tackling a ransomware attack. To be precise, the cost is not merely the ransom that the victim is supposed to pay to get their sensitive data restored. There are other associated costs that the business has to bear in cleaning the infected systems, making the total cost much more than the demanded ransom.
These may include overheads related to IT services, software and other recovery-associated expenses such as lost revenues, staff overtime, downtime and reputational damage, among others. To avoid such situations, companies end up investing in tech upgrades and various employee awareness training programs, which is indeed the need of the hour.
Common reasons why ransomware attacks are growing:
The rise in usage of cryptocurrency
With the cryptocurrency revolution, cybercriminals have got a new way to extort money without it being traced back to them. Before that, the money trail was the easiest way to track the criminals. But cryptocurrency makes tracking very difficult, and one can't figure out who is receiving the money and from whom. Unless we see some arrests and attackers being punished, this trend is expected to grow.
International nature of the crime
The evolution of the crime from local to international helps attackers target victims across geographical borders, making it difficult and time-consuming for law enforcement agencies to investigate and track them. Weak cross-border cooperation among nations further adds to the woes, and cybercriminals take advantage of it.
Weak IT infrastructure
As WFH continues to be the only safe way to keep businesses running, the role of a robust IT infrastructure becomes all the more essential to protect enterprises against attackers. Weak passwords, remote access kept open for longer hours, and other such factors will only make companies more prone to attacks.
Best ways to shield yourself from attacks:
Implement zero-trust security architecture
Increasing cyberattacks indicate how adversaries have innovated their attack methodologies, and this is where a zero-trust security model comes into the picture. It authenticates and authorizes all users while continuously validating security configuration and posture before anyone is given access to sensitive enterprise data. Real-time authentication thus helps detect and block suspicious activities and eliminates implicit trust practices. In short, this model trusts no one, even if the user is part of the network. Organisations must invest in this architecture as it can result in wins in numerous forms such as increased productivity, improved visibility, facilitated compliance, and better utilization of IT resources, among others.
Endpoint Detection and Response (EDR)
Ransomware authors often rely on the lateral movement technique, where an attacker breaches the perimeter, then moves laterally and infects other machines, resulting in a much larger attack. Endpoint Detection and Response, or EDR, is a modern solution that focuses on enhanced visibility into connected endpoints, thereby securing the network from malicious attacks. It works to detect, contain, investigate and eliminate malicious activities like ransomware and helps organisations respond to threats more efficiently. This increased visibility allows businesses to prevent lateral movement of such attacks on their network.
Practice good cyber hygiene
In today's world, more connected than ever, companies must host cybersecurity programs at the workplace (now online) to help employees understand how attacks happen, what the expected loopholes are and how these can be prevented. For instance, users must know who has access to their device and where. This allows them to monitor and identify inappropriate use and protects them from data hijack. Similarly, companies must adopt two-factor authentication across all tech solutions to stop attackers from stealing credentials, mainly via activities like phishing.
Never miss updates; invest in robust anti-malware / anti-ransomware and encryption solutions
It's usual to see that one update notification every now and then while using smartphones and laptops. Although most people unknowingly ignore or postpone this action, it might turn out to be a huge mistake. Using the latest programs and apps ensures that users are not running a previous or older version of the solution that might have glitches and flaws, which might prove profitable for hackers and damaging to you.
Similarly, always invest in reliable anti-malware / anti-ransomware solutions to keep your device protected against security breaches. Efficient security software can automatically identify and eliminate malicious spread by performing constant scans without affecting the speed and performance of the system, keeping the device safe and healthy all the time. Additionally, an effective data encryption solution protects critical data, and once the encryption keys are secured, the data becomes useless to any cybercriminal.
New technologies and evolving mindsets of criminals have literally changed the face of security. Organisations must, therefore, pay attention to recruiting highly tech-savvy IT professionals, building a robust security infrastructure, and hosting cybersecurity awareness programs. Those who don't take this seriously now will turn out to be the primary victims, while those who follow the aforementioned practices will be in a safer position to minimise the impact of such attacks, and might even stand a chance of preventing them completely.
(The author is Joint Managing Director and Chief Technology Officer, Quick Heal. Views expressed are personal.)