Why Ransomware Attacks Are on the Rise
Published 07/07/2022
This blog was originally published by ShardSecure on June 27, 2022.
Written by Marc Blackmer, VP of Marketing, ShardSecure.
What Is Ransomware?
Ransomware is a type of malware that prevents users from accessing their systems and files and requires them to pay a ransom to regain access. Most types of ransomware encrypt hard drive files so they can’t be accessed, though “locker ransomware” may erase files or block access to a system using other methods.
After encrypting systems, ransomware attackers demand a payment — usually in the form of Bitcoin or other cryptocurrencies — in exchange for a decryption key that will unlock the affected material. They may also threaten to sell or leak confidential data or delete system backups as an added incentive to make victims pay the ransom.
Ransomware infections can happen when users:
- open malicious attachments in spam emails, often as a result of spear phishing
- visit compromised websites
- are redirected to cybercriminal servers by online ads, a.k.a. drive-by downloads
- are tricked into opening attachments or clicking on links via other forms of social engineering
Ransomware is of growing concern and has the potential to cause tremendous damage to small businesses and Fortune 1000 companies alike. Below, we’ll outline why the threat of ransomware is rising — and what your organization can do to mitigate its effects.
Recent Rise in Ransomware
Although early forms of ransomware have been around since the late 1980s, it's only recently become a major threat. According to the Verizon Business 2022 Data Breach Investigations Report, ransomware breaches have increased more this year than in the last five years combined.
Similarly, Check Point Research discovered a 24% global increase in ransomware attacks this year, with one in 53 organizations affected in 2022 (versus one in 66 last year).
Ransomware attacks are not only becoming more prevalent; they’re also becoming more costly. According to the same Check Point Research report, 11% of organizations paid ransoms of $1 million or more, and the average ransom paid out by companies increased nearly five-fold to $812,360.
This has recently led to high-profile ransomware cases like the 2021 attack on the US-based software company Kaseya, where attackers compromised between 800 and 1,500 companies and requested a $70 million payment as ransom.
Around the same time, the Colonial Pipeline ransomware attack caused panic buying at gas stations and necessitated a $5 million payment in Bitcoin. Meanwhile, the world’s largest meat supplier paid an $11 million ransom in Bitcoin after its own ransomware attack that same month.
The impact of ransomware is being felt well beyond private corporations. In June 2022, Costa Rica’s national public health agency was attacked by ransomware. And ransomware attacks on health organizations can be particularly devastating; according to a recent report by SC Media, it costs around $1.85 million on average to recover ransomware-infected systems in the healthcare sector.
Unfortunately, the problem shows no sign of abating. A report from Cybersecurity Ventures predicts that, by 2031, ransomware will cost the economy around $265 billion each year, with a new attack happening every two seconds.
Why Is Ransomware on the Rise?
Several different factors have contributed to the recent explosion of ransomware. From the effects of the COVID-19 pandemic and the growth of cryptocurrency to companies’ own evolving responses to ransomware, the changing digital landscape has created a perfect storm for ransomware.
Remote Work
First, the increase in remote work has been a major boon for cybercriminals. Employees accessing the internet at home are much more vulnerable to attack, since they typically lose the protection of company firewalls and secure internet routers outside of their office networks.
Additionally, the increasing amount of confidential data stored in multi-cloud environments leaves companies more vulnerable to exposure. As a December 2021 Forbes article put it, “Remote work has left exposed access credentials littered across the enterprise.”
Although some companies require their remote employees to use virtual private networks (VPNs) and virtual desktop infrastructure (VDI), these measures are less effective with cloud-based resources. Furthermore, using the Remote Desktop Protocol (RDP) can allow attackers to gain control of devices that belong to IT admins and other privileged teams.
The ransomware economy has been quick to adapt. The criminal landscape now includes “initial access brokers” who seek out vulnerable and exposed VPN and RDP access credentials and then sell them to the highest bidder to perpetrate ransomware attacks.
Growth of Cryptocurrency
Another major factor in the rise of ransomware is the growing popularity of cryptocurrency. From Ethereum and Dogecoin to USD Coin and Binance Coin, cryptocurrencies are typically regarded by cybercriminals as harder to trace than other forms of payment. That’s because, although cryptocurrency transactions take place in public ledgers, they are anonymized by nature.
While these transactions are not always untraceable, the perception of anonymity has emboldened attackers to demand high payments. Ransomware criminals often require that their victims pay them in Bitcoin, with some even including step-by-step instructions to help users create Bitcoin wallets.
Cryptocurrency also offers great ease and speed in transferring millions of dollars across national borders, facilitating money laundering and making it harder to catch cybercriminals in the act.
More Companies Are Paying Ransoms
Just like a schoolyard bully taking someone's lunch money, cybercriminals are emboldened by success. The more companies pay their ransoms, the more likely attackers are to continue with ransomware attacks, and the more likely other criminals are to follow suit.
Unfortunately, the number of organizations paying ransoms is growing. A recent report from the Institute for Security and Technology found that the number of victims paying the ransom increased more than 300% from 2019 to 2020 alone. Although this figure is discouraging, it also makes sense: many organizations feel they have no choice but to pay when faced with the loss of irreplaceable files and systems.
Luckily, there are effective ways to protect against ransomware. With the right preparation and security measures, organizations can avoid paying ransoms and even maintain business continuity in the event of an attack.
How To Mitigate the Impact of Ransomware
First, organizations must conduct a cybersecurity risk analysis and develop an incident response plan that includes ransomware events. Make sure that this plan allows your company to quickly isolate and remove the ransomware threat and restore normal operations.
Next, consider investing in insurance policies that cover cyberattacks. Cyber insurance has become an increasingly common and sophisticated product, and it can provide critical risk mitigation for ransomware, malware, and other online attacks.
Below, we’ll cover a few more steps your organization can take to protect itself against the growing threat of ransomware.
Beware of Phishing
Even with the growing sophistication of malware, most ransomware attacks are effective for one main reason: human error. As Deloitte notes, the number one delivery vehicle for ransomware is clicking a link or downloading an attachment in a phishing email.
Today, many phishing emails are successful because they effectively impersonate a trusted coworker or contact whom the user actually knows. And increasingly sophisticated social engineering on the part of attackers makes it easier for even tech-savvy users to be tricked into clicking compromised links.
To protect against phishing, organizations may employ anti-spam solutions and include warning banners when emails are coming from someone outside of the organization. It’s also important to warn employees that cybercriminals are now able to create very authentic-looking phishing emails — sometimes even customized with information that those same employees posted publicly on their social media accounts.
All in all, an abundance of caution will help organizations avoid falling prey to phishing attacks.
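One way a mail gateway could decide which warning banner to attach, as an added example that is not from the original post. The domain, staff names, banner texts and sample messages are constructed, and the check goes a step beyond the text by also flagging mail that claims an internal address without passing DMARC.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}                     # assumed internal mail domain
STAFF_NAMES = {"dana whitfield", "luis ortega"}   # assumed staff directory names

EXTERNAL = "[EXTERNAL] This message came from outside the organization."
IMPERSONATION = "[EXTERNAL] Sender uses a coworker's name but an outside address."
UNVERIFIED = "[UNVERIFIED] Sender claims an internal address that failed authentication."

def banner_for(raw):
    """Return the banner to prepend, or None for verified internal mail."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Assumption: this header was written by the organization's own gateway,
    # and any copy supplied by the sender was stripped before this check.
    auth = (msg.get("Authentication-Results") or "").lower()
    if domain in ORG_DOMAINS:
        return None if "dmarc=pass" in auth else UNVERIFIED
    name = " ".join(display.lower().split())
    return IMPERSONATION if name in STAFF_NAMES else EXTERNAL

# Constructed sample messages (not real traffic).
INTERNAL = ("From: Luis Ortega <luis.ortega@example.com>\n"
            "Authentication-Results: mx.example.com; dmarc=pass\n"
            "Subject: Q3 plan\n\nDraft attached.\n")
SPOOFED = ("From: Luis Ortega <luis.ortega@example.com>\n"
           "Authentication-Results: mx.example.com; dmarc=fail\n"
           "Subject: Urgent wire\n\nPlease pay today.\n")
LOOKALIKE = ('From: "Dana  Whitfield" <dana@payroll-portal.example>\n'
             "Authentication-Results: mx.example.com; dmarc=pass\n"
             "Subject: Updated payslip\n\nOpen the attachment.\n")
VENDOR = ("From: Billing <billing@vendor.example>\n"
          "Authentication-Results: mx.example.com; dmarc=pass\n"
          "Subject: Invoice\n\nInvoice enclosed.\n")

if __name__ == "__main__":
    for label, raw in [("internal", INTERNAL), ("spoofed", SPOOFED),
                       ("lookalike", LOOKALIKE), ("vendor", VENDOR)]:
        print(label, "->", banner_for(raw))
```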
Prepare for an Attack
The Center for Internet Security and the Cybersecurity and Infrastructure Security Agency recommend a number of additional steps that organizations can take to prepare for a ransomware event:
- Create multiple iterations of backups, store them offline, and routinely test them for data integrity.
- Keep all systems and devices patched and updated, including cloud locations.
- Employ antivirus, ad-blocker, and anti-spam solutions to prevent phishing emails and dangerous links from reaching the network.
- Implement employee training and regularly remind workers of the dangers of clicking on unknown links and opening attachments in unsolicited emails.
- Apply the principles of least privilege and network segmentation.
Consider Microsharding To Mitigate the Impact of Ransomware
An innovative application of microsharding technology can help neutralize the effects of ransomware by desensitizing sensitive data for use in multi-cloud and hybrid-cloud environments. Based loosely on the concepts of RAID 5 and traditional sharding — a process used to distribute a single dataset across multiple databases and increase a system’s total storage capacity — microsharding is used for data security.
It works by shredding data into tiny fragments (or microshards) that are too small to contain so much as a complete birthdate or other piece of sensitive data. It then removes file metadata and distributes the microshards across multiple logical containers of the user’s choice.
This process helps to protect against the data exfiltration aspect of cloud ransomware in which attackers threaten to publish sensitive or confidential data. Because attackers cannot reassemble microsharded datasets without first compromising every single storage location, they will only have access to an unintelligible fraction of the affected data.
One application of microsharding technology can also help protect against the primary effect of ransomware by reconstructing affected data whenever it is tampered with, deleted, or held hostage by ransomware. It also works in tandem with encryption for a defense-in-depth approach.
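The split-and-rebuild idea described above, as an added illustration that is not ShardSecure's implementation or code from the original post: 4-byte fragments striped over four containers with rotating XOR parity, the RAID 5 concept the post mentions. The fragment size, function names and sample record are assumptions made for the example.

```python
from functools import reduce

FRAG = 4  # assumed microshard size in bytes, too small to hold a full date
RECORD = b"name=Jane Roe;dob=1984-03-17;ssn=000-00-0000"  # constructed sample

def xor(blocks):
    """XOR equal-length byte blocks together (RAID 5 style parity)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))

def shard(data, n):
    """Cut data into FRAG-byte pieces and stripe them over n containers,
    adding one parity piece per stripe in a rotating position."""
    padded = data + b"\0" * (-len(data) % (FRAG * (n - 1)))
    pieces = [padded[i:i + FRAG] for i in range(0, len(padded), FRAG)]
    containers = [[] for _ in range(n)]
    for s in range(len(pieces) // (n - 1)):
        stripe = pieces[s * (n - 1):(s + 1) * (n - 1)]
        stripe.insert(s % n, xor(stripe))  # parity slot rotates per stripe
        for container, piece in zip(containers, stripe):
            container.append(piece)
    return containers

def rebuild(containers, length):
    """Reassemble the data. A container passed as None (encrypted, deleted
    or otherwise lost) is recomputed from the remaining ones."""
    n = len(containers)
    missing = [i for i, c in enumerate(containers) if c is None]
    if len(missing) > 1:
        raise ValueError("single parity cannot recover two lost containers")
    stripes = len(next(c for c in containers if c is not None))
    out = bytearray()
    for s in range(stripes):
        row = [c[s] if c is not None else None for c in containers]
        if missing:
            row[missing[0]] = xor([p for p in row if p is not None])
        del row[s % n]  # drop the parity piece, keep data pieces in order
        out += b"".join(row)
    return bytes(out[:length])

if __name__ == "__main__":
    stores = shard(RECORD, 4)
    for i, store in enumerate(stores):
        print(i, store)          # no store holds the complete birthdate
    stores[2] = None             # simulate one location held hostage
    print(rebuild(stores, len(RECORD)))
```

With a single parity piece per stripe, this sketch tolerates the loss of one container; losing two raises an error rather than returning damaged data.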