Ransomware: Why it is on the Rise, and How Can Companies Respond?

While the pandemic has continued to grab headlines, wreaking physical, social, and economic havoc on just about everything in its path, the growing concern for global digital health should not be brushed under the carpet.

The year 2020 was one of the most active on record for cyber-criminals. According to Statista, more than 1000 data breaches occurred last year, affecting close to 156 million individuals.

Indeed, the volume of attacks is alarming, yet the complexity of techniques being used by today’s threat actors is arguably more worrisome. Just a few years ago, botnet attacks were commonplace, widely used among attackers. In the modern era, however, ransomware has begun to run riot.

As recently as 4 July 2021, Russian hackers REvil demanded a $70m ransom in the largest ransomware attack in history. The group is believed to have infiltrated the IT infrastructure of up to one million companies after breaching the systems of US software specialist Kaseya.

In May 2021, Ireland’s Health Services became the subject of the worst cybercrime attack on the country to date, having been forced to shut down its systems to prevent a ransomware attack from progressing. In the same month, AXA was hit after dropping support for ransomware payments.

These attacks are no coincidence. Statistics from Bitdefender’s Mid-Year Threat Landscape Report 2020 show a seven-fold spike in ransomware attacks globally in 2020, with hackers actively tapping into email phishing, remote desktop protocol vulnerabilities and software flaws.

These somewhat distressing figures are the product of what can only be described as a perfect storm.

When COVID-19 hit, governments turned to drastic social distancing measures and unprecedented national lockdowns to keep citizens safe.

In turn, organizations had to adapt almost overnight to survive. Where many had spent decades operating out of offices as their core hubs of productivity, the sudden shift to remote working models prompted the adaptation of critical IT infrastructure to support employees working in vastly disparate locations on a range of devices.

The domino effect was extensive. Not only did this shift greatly expand the digital landscape at an extreme pace, but it also resulted in swathes of potential vulnerabilities.

Take the remote worker as an example. The home is a place of relaxation, tranquillity and contentment, yet working from desks in bedrooms, kitchens and family rooms naturally blurs the lines of separation between home and work. Where guards were dropped, security awareness faltered.

Device-related security challenges also emerged. As companies had to scramble to source key equipment in scarce supply, such as laptops, quick fixes included the use of personal devices for work-related matters.

Naturally, many such devices had inadequate security yet were authorized to tap directly into company networks via virtual private networks (VPNs).

Therefore, many organizations quickly realized that VPNs are an unsuitable, unsustainable means of upholding remote working models — models which appear to be here for the long haul as we emerge from the pandemic into a new normal.

Thanks to traffic bottlenecking and productivity issues, firms have gradually turned away from the VPN and traditional on-premises networks, now opting for scalable, cloud-based services. Yet this transition has been fraught with its own challenges.

Cloud-based models drastically expand the attack surface of enterprises. Where many have begun to recognize the potential of such technology in terms of the productivity benefits and innovative applications available, less attention has been paid to the security risks.

It’s a natural train of thought. Whereas the former will directly result in a tangible return on investment and easily visible benefits, security is often viewed as a cost that ultimately delivers no immediate benefit.

However, given the intensity of the current threat environment, the importance of getting cloud-based security correct cannot be overstated.

Businesses are beginning to recognize the damage that cyber-criminals can cause to their organization. In a survey about ransomware recently conducted by Menlo Security, more than two-thirds (69%) of respondents demand prison sentences, while six out of 10 respondents think that ransomware attacks should be treated the same as terrorist attacks.

The survey also shows that 79% of respondents feel that organizations hit by ransomware should not pay the ransom. However, the data and assets held during such attacks are often the lifeblood of many businesses.

Therefore, the question is simple: How can companies prevent attacks such as ransomware from happening in the first place and protect their core assets?

Unfortunately, there is no silver bullet that will magically wipe away these threats. However, there are multiple steps organizations can take to instill best practices.

First and foremost, enterprises must consider the key gateway used by cyber-attacks — the human. It is often said that 19 in every 20 data breaches stem from human error, yet it can be challenging for individuals to recognize what they are doing wrong.

People have a cognitive bias. We see something that has a green icon in an address bar, and we associate that with being a safe website — it’s how we’ve been conditioned to distinguish visually between good and bad. But this exact bias is what attackers are now taking advantage of.

Training can help to some extent, but to truly limit the opportunities for hackers to infect a network, a zero trust approach and isolation technology should be considered.

With isolation technology, malicious code is prevented from ever reaching the network perimeter. Indeed, prevention is arguably the most important focus area that can give a business and its employees the security they need to shut the door on ransomware attacks for good.
