Ransomware payments make for bad business: Here’s what actually works!

While ransomware is not new, it has evolved into a more destructive threat than ever before. That’s why protecting your company from ransomware attacks is all about protecting your data.

At a time when a backlash against caving in to ransomware demands is starting to build, a new report finds that among organisations that opted to pay a ransom, a full 80% were attacked again. Troublingly, nearly half of respondents (46%) said they believed it was at the hands of the same attackers. Adding insult to injury,

It is clear that cybercriminals are taking note amongst themselves of which organisations are an easy ransomware mark, and with nearly half of respondents (46%) reporting that some portion of the data recovered from cybercriminals had been corrupted anyhow, there appears to be little reason to cave in to attackers’ demands. This recommendation is supported by the fact that today, the cost of ransoms is higher than ever. It has been common practice for cybercriminals to request payments in cryptocurrencies. Many of these are breaking all-time highs, thereby costing organisations more on account of exchange rates.

Most importantly, though, you need to understand who you are dealing with. The perpetrators of ransomware attacks are cybercriminals, and therefore cannot be trusted. All too often, victims who pay are contacted several months later and asked for another payment to keep the stolen data secret. Some ransomware criminals even accept payment but sell the data anyway. Businesses should now understand that any data stolen in a ransomware attack is compromised forever. There is simply no reason to pay criminals for their crimes. There is, however, good reason to take the threat very seriously!

Ransomware is getting more dangerous

While ransomware is not new, it has evolved into a more destructive threat than ever before.

Extortion: The attackers steal the victim’s data before it is encrypted. If the victim refuses to pay the ransom, the attackers threaten to publish the data on the dark web. The threat of a data breach sometimes encourages victims to pay. When victims are unable or unwilling to pay the ransom, the attackers will publish the data.

Ransomware gangs: Hacking gangs are not new, but veteran ransomware criminals are now creating their own organisations and putting their collective expertise to work. This appeared to be the case with DarkSide, which specialised in digital extortion. These groups build sophisticated operations with multiple departments, and they research their targets before launching spear-phishing or other attacks.

Industrial system attacks: Modern logistics and supply-chain processes integrate on-demand connectivity that enables system monitoring, remote control, and other efficiencies that IoT technologies have to offer. This has created gaps in security and increased the attack surface of these companies. Norsk Hydro, Altran Technologies, and others were disrupted by LockerGoga in 2019. In 2020, researchers discovered EKANS, a piece of ransomware specifically designed to infect industrial control systems (ICS). The control of industrial systems is much more valuable to the public than the exposure of data. This makes these systems a high-value target for ransomware gangs.

How to protect your company from ransomware

Protecting your company from ransomware attacks is all about protecting your data. You can therefore break down defence into three focus areas:

Protect your credentials. Phishing is the primary attack vector for ransomware, so you must create and maintain a culture of awareness around credential security. Develop a process to train users on email security, and deploy anti-phishing technology that can identify and flag unusual activity. If the attacker cannot access credentials, it is much more difficult to escalate the attack from phishing to ransomware.

Secure your web applications. Online applications like file-sharing services, web forms, and e-commerce sites can be compromised by attackers. Web applications are attacked through the user interface or an API interface. Often these attacks involve credential stuffing, brute force attacks, or OWASP vulnerabilities. Once the application has been compromised, the attacker can introduce ransomware and other malware into the system. This can go on to infect your network as well as users of your application.

Back up your data. It is critical that you have a backup that meets two important standards.

Comprehensive — You should be aware of the location of all data on your network. This includes configuration files, user documents, and archived data around employees, clients, and so on. All this data should be backed up, and data that is currently in use should be backed up at least once per day.

Resilient — When ransomware attacks your network, it encrypts your data and attempts to disable backup systems and destroy backup files. The safest approach is to deploy a backup system that replicates data to a cloud that offers unlimited storage and a robust search and restore capability. Office 365 users should add third-party cloud backup to protect SharePoint, Teams, Exchange, and OneDrive data.
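One way to check the two backup standards above against a backup catalogue, as an added example that is not part of the original article. The inventory and catalogue formats, the paths, the timestamps and the `cloud_replica` flag are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# From the article: data currently in use is backed up at least once per day.
MAX_AGE_IN_USE = timedelta(days=1)

# Constructed inventory of every known data location (assumed format).
INVENTORY = [
    {"path": "/etc/app", "in_use": False},
    {"path": "/srv/shares/finance", "in_use": True},
    {"path": "/srv/archive/hr", "in_use": False},
    {"path": "/home", "in_use": True},
]

# Constructed backup catalogue: last successful run and cloud replica status.
CATALOGUE = {
    "/etc/app": {"last_ok": "2021-05-20T02:00:00+00:00", "cloud_replica": True},
    "/srv/shares/finance": {"last_ok": "2021-06-01T01:00:00+00:00", "cloud_replica": True},
    "/home": {"last_ok": "2021-06-03T01:00:00+00:00", "cloud_replica": False},
}

SAMPLE_NOW = datetime(2021, 6, 3, 9, 0, tzinfo=timezone.utc)  # constructed


def audit(inventory, catalogue, now):
    """Return (path, finding) pairs for locations that fail either standard."""
    findings = []
    for item in inventory:
        entry = catalogue.get(item["path"])
        if entry is None:
            # Comprehensive: a known data location with no backup at all.
            findings.append((item["path"], "not-backed-up"))
            continue
        age = now - datetime.fromisoformat(entry["last_ok"])
        if item["in_use"] and age > MAX_AGE_IN_USE:
            # Comprehensive: in-use data missed its daily backup.
            findings.append((item["path"], "stale"))
        if not entry["cloud_replica"]:
            # Resilient: the backup is not replicated to cloud storage.
            findings.append((item["path"], "no-cloud-replica"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(INVENTORY, CATALOGUE, SAMPLE_NOW):
        print(f"{finding:17} {path}")
```
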

To stay safe from ransomware, you should assume that there will be ransomware attacks against your company. If the attack is successful, you should have a plan to not pay the ransom.