How Is Ransomware Changing?

It feels like we can’t go more than a few days without another ransomware story in the news. What used to be just one threat among many in the cybercrime landscape has become the clearest present danger to modern businesses.

Don’t assume we’re exaggerating this for effect — experts estimate that a ransomware attack will occur every 11 seconds in 2021. Here are just a few key examples, out of the thousands of incidents that occurred in the past year:

  • Ransomware infects Colonial Pipeline, disrupts the US gas economy: A ransomware attack against Colonial Pipeline caused a widespread shortage of gas across the country. The encryption of the petroleum supplier’s systems forced them to shut down operations for a number of days, highlighting the vulnerability of critical US infrastructure to cybercrime attacks.
  • Ransomware costs the Irish Healthcare System hundreds of millions: Health Service Executive (HSE) was infected with ransomware in May, and the ensuing ordeal levied a series of expenses, eventually reaching as much as $600 million.
  • Ransomware takes Travelex’s global operations offline: A sophisticated ransomware attack took down Travelex’s systems in more than 70 countries for multiple days, timed specifically for when staff would be on holidays.

How Does Ransomware Cause So Much Damage?

Cybereason recently conducted a survey of 1,263 cybersecurity professionals to study the real-world effects of ransomware. There are a number of key costs that will come with a ransomware attack, including:

  • Ransom: This is the most obvious cost, and it just keeps going up. According to cybersecurity company Coveware, what was an average ransom of $6,733 in 2018 has increased to $12,672 in 2019. As of this year, Cybereason reports that 35% of respondents who paid a ransom said it cost them between $350,000 and $1.4 million; 7% paid more than $1.4 million.
  • Loss Of Revenue: Beyond the actual ransom paid, targets also noted a loss in business. 66% of respondents in the Cybereason study reported that their organizations were hit by major losses in revenue due to a ransomware attack.
  • Downtime: As Kaspersky notes, 34% of businesses hit by ransomware take up to a week to regain access to data. In that week, you’re still incurring costs associated with downtime while you and your staff can’t access your data. That’s time in which you can’t get work done, can’t serve your clients, can’t gain new business, and yet, still have to pay your employee wages and ongoing costs to keep the lights on.
  • Reputational Damage: Current and future clients will think twice about working with a company that was infected by ransomware. A little over half (53%) of Cybereason’s respondents reported suffering brand and reputation damage because of ransomware.
  • Personnel: The fallout of a ransomware attack can often lead to loss of staff as well, either as a matter of damage control (laying off responsible C-Level executives) or as a response to lower revenue (layoffs). 32% of those polled by Cybereason reported that C-suite members left their organization, and 29% of the organizations surveyed had to lay off employees.
  • Remediation: Lastly, there’s the cost of damage control. Do you have to hire an IT company to help you out? Do you have to hire a forensic cybersecurity crew to determine how you were attacked? Do you have to pay fines for breaching regulations? These all get added to the bill for getting hit by ransomware.

Finally, there’s always the chance that all these costs combined will spell the end for the business in question. According to Cybereason, 26% of respondents had to close their businesses for good.

In a nutshell, ransomware is becoming more common, more expensive, and more pervasive. Have you stepped up your cybersecurity measures to compensate?

The Threat Of Ransomware Is Evolving

Just a few years ago, ransomware wasn’t as big of a concern. While high-profile incidents like the WannaCry attack on the NHS were concerning, they were few and far between. If you had a recent backup of your data in place, you could rely on that to replace your data in the event it was encrypted by ransomware.

Since then, however, the way cybercriminals use ransomware has evolved. They have improved their tactics and capabilities, allowing them to do much more damage, and demand much more money. Characteristics of modern ransomware attacks include:

  • Expanded Timelines: Sophisticated attackers sneak ransomware into a breached network and then lie dormant for weeks or months, ensuring their method of entry isn’t discovered right away. This gives them time to embed themselves, steal data, and more, all before they actually activate the ransomware and infect the systems. Without undertaking extensive forensic processes, an infected business won’t know how far back they need to go to find a backup from before the intrusion. Or, even worse, it will be so far back that they’ve already expunged those backups to make room for more recent versions.
  • Improved Capabilities: Modern forms of ransomware can even target and infect backup hard drives and cloud-based data, if the connections are left unsecured. That’s why cybersecurity professionals are now recommending digitally-air-gapped backups as well.
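
The two characteristics above can be checked against a backup schedule before an incident happens. The following is an added example, not part of the original article: it models an assumed grandfather-father-son rotation and reports the newest backup that predates the intrusion and that the attacker could not reach. The function names, retention counts, and dates are all constructed for illustration.

```python
from datetime import date, timedelta

def retained_snapshots(today, daily=7, weekly=4, monthly=6):
    """Map snapshot date -> tiers under an assumed grandfather-father-son
    rotation: last `daily` days, last `weekly` Sundays, first day of the
    last `monthly` months."""
    kept = {}
    for i in range(daily):
        kept.setdefault(today - timedelta(days=i), set()).add("daily")
    sunday = today - timedelta(days=(today.weekday() + 1) % 7)
    for i in range(weekly):
        kept.setdefault(sunday - timedelta(weeks=i), set()).add("weekly")
    year, month = today.year, today.month
    for _ in range(monthly):
        kept.setdefault(date(year, month, 1), set()).add("monthly")
        year, month = (year - 1, 12) if month == 1 else (year, month - 1)
    return kept

def restore_point(kept, intrusion, offline_tiers=frozenset(), online_encrypted=True):
    """Newest snapshot taken before the estimated intrusion date that is
    still usable. If every network-reachable copy was encrypted, only
    tiers stored offline (air-gapped) count."""
    usable = [
        day for day, tiers in kept.items()
        if day < intrusion and (not online_encrypted or tiers & offline_tiers)
    ]
    return max(usable, default=None)

def assess(today, dwell_days, offline_tiers=frozenset(), **policy):
    """Return (restore point, days of data lost) for a given attacker dwell time."""
    kept = retained_snapshots(today, **policy)
    point = restore_point(kept, today - timedelta(days=dwell_days), offline_tiers)
    return point, (today - point).days if point else None

if __name__ == "__main__":
    today = date(2021, 6, 15)  # constructed detection date
    scenarios = [  # (label, dwell days, offline tiers, retention policy), all constructed
        ("14 dailies, online only", 90, set(), dict(daily=14, weekly=0, monthly=0)),
        ("GFS, online only", 90, set(), dict()),
        ("GFS, monthlies offline", 90, {"monthly"}, dict()),
        ("GFS, monthlies offline", 10, {"monthly"}, dict()),
    ]
    for label, dwell, offline, policy in scenarios:
        print(f"{label:26} dwell={dwell:3}d ->", assess(today, dwell, offline, **policy))
```

A result of `(None, None)` means no usable backup survives: either retention is shorter than the dwell time, or every pre-intrusion copy was reachable from the network.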

Given the effectiveness of modern ransomware attacks, defensive methods and best practices from just a few years ago are already losing feasibility.

7 Reasons Modern Businesses Are Vulnerable To Ransomware Attacks

Gaps In Your Cybersecurity Posture:

  • Lack of adequate cybersecurity safeguards on networks.
  • Lack of education and training in the protection of networks and data.
  • Lack of funding for implementing adequate cybersecurity safeguards.

Relying On Basic And Limited Cybersecurity Technology:

  • Failure to adopt a “security-in-depth” approach, and instead, only using single devices and “catch-all” solutions that offer multiple cybersecurity features.

Failure To Keep Systems Up To Date:

  • The use of legacy operating systems on the network.
  • The use of legacy or unsupported software products installed on systems that are on the network.
  • The inadequate patching of operating systems and software products for machines on the network.
  • Relying on operating system, hardware, and software vendors that do not create products with security in mind, are slow to release patches for bugs, or are careless with their coding, resulting in dangerous vulnerabilities.

The Ongoing Evolution Of Cybercrime Attack Vectors:

  • The increasing level of sophistication in tools that are available to hackers.
  • The increasing level of funding by government agencies that hire hackers to perform attacks on other countries.

Poor Cybersecurity Maintenance & Practices:

  • Inadequate vulnerability testing on a regular basis, which can help expose attack vectors.
  • Inadequate vetting of hardware and software products for use on the network.
  • Inadequate vetting of employees, staff, and contractors who are entrusted with keeping company data and networks safe.

Lack Of Awareness:

  • Inadequate understanding of the threats posed to your organization, its staff, and clients.
  • Inadequate understanding of the security solutions that are in place with vendors and other companies in your supply chain.
  • Inadequate security awareness training for employees, staff, and third-party contractors.

Failure To Plan Your Cybercrime Event Response:

  • Inadequate planning for disaster recovery, business continuity, and risk management.
  • Little or no investment in cybersecurity and liability insurance.

4 Important Lessons To Learn From Recent Ransomware Attacks

The most important lessons we can learn from the recent attacks are the following:

  1. Big Targets Require Comprehensive Protection: More emphasis should be placed on protecting critical infrastructure such as organizations that process and provide fuel, power, and other vital resources for life and economic survival.
  2. Secure Network Configuration: Business leaders need to re-evaluate which machines absolutely need to be on the network, and if so, whether they can be isolated from all other networks, especially in terms of exposure to the Internet.
  3. Assess, Improve, And Repeat: Those in charge need to re-evaluate the security measures that are in place currently and immediately remediate any weaknesses found.
  4. Accept The Reality Of Cybercrime: It is not a question of “if it happens”, but “when it happens”. Is the business positioned to recover quickly and efficiently, and avoid extended periods of downtime or loss of access to, or production of, critical resources?

How Can You Defend Against Modern Ransomware Threats?

If reading about these ransomware attacks makes you wonder if your business is vulnerable to security breaches and cybercriminal attacks, don’t wait until you are attacked to come up with a plan.

To be clear — a simple backup solution will no longer provide adequate protection against ransomware. You need to invest in a more extensive suite of IT security solutions:

  • SentinelOne Endpoint Security to monitor and defend your network endpoints.
  • NextGen firewalls to provide advanced security.
  • Proofpoint Email Security to mitigate phishing scams.
  • Cisco Umbrella to protect your cloud data.
  • Passly Two-Factor-Authentication to protect your logins.
  • Pii Protect End-User Security Training to show your team how to identify and respond to ransomware attacks.

You Can’t Ignore Ransomware And Hope It Goes Away

In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being infected with ransomware can be dramatically reduced.

Get in touch with the CSP team to discover more about developing a modern ransomware defense.
