Why is Ransomware Still So Successful?

With successful ransomware attacks still on the rise, it’s clear that victory is still a long way off in the cat-and-mouse battle between companies and cyber-attackers. With extortion malware, attackers can paralyze a company’s infrastructure and demand the payment of a ransom for its restoration. How then can companies eliminate this threat once and for all?

In the State of Encrypted Attacks Report 2020, security analysts from Zscaler ThreatLabZ reported a 500% rise in ransomware attacks compared to the previous year’s figures. It was also evident that, although cyber-criminals are increasingly executing more complex and targeted attacks, many of the techniques used to successfully disseminate malware—such as infected macros in Word documents—are actually surprisingly simple. Having failed to update security policies to protect against these types of attacks, IT departments appear to be lagging behind the cyber-criminals.

From an attacker’s perspective, there are many potential ways to penetrate a network and encrypt data. Currently, stealing data and holding it “hostage” is a highly effective way to get companies to pay up, so hackers are increasingly using this strategy to get their slice of the pie.

The coronavirus pandemic has also been cited as a factor driving the increase in ransomware infections. The need to quickly transition large numbers of employees to working from home meant that companies were forced to rush the rollout of remote access solutions, with little time to adequately consider security. To compound the problem, employees working in isolation are not able to quickly get a second opinion from a colleague if they spot suspicious data traffic, making it harder for them to reliably spot risks.

With this in mind, attackers focus their efforts on the weakest link in the security chain—people. It is essential that companies uphold their obligation to train their employees to spot security risks, and that they adapt and upgrade their security solutions where necessary.

Defending Against Ransomware: Security Hygiene

IT teams need to raise their security hygiene to keep pace with the changing nature of ransomware. The top priority for companies should be to keep patching and vulnerability management up to date. Additional best practices are regular access reviews and applying the principle of least privilege: IT teams need to ensure that staff can access only the applications they require, without opening up the whole network to them. A strategy that limits lateral movement can prevent attackers from crawling through the entire network once they have gained a foothold in a single system.
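The access review described above can be automated as a comparison of what each account can reach against what its role legitimately needs. The following is an added example, not code from the article; the role baseline, account records and the 90-day staleness threshold are constructed assumptions, and the entitlement data would in practice be exported from the identity provider.

```python
from dataclasses import dataclass

# Constructed example data (not from the article): the applications each role
# legitimately needs. Anything beyond this baseline is a review finding.
ROLE_BASELINE = {
    "finance": {"erp", "expense-portal"},
    "engineering": {"git", "ci", "staging-ssh"},
    "helpdesk": {"ticketing", "ad-password-reset"},
}


@dataclass
class Account:
    user: str
    role: str
    entitlements: set          # applications the account can currently reach
    days_since_login: int      # from the identity provider's last-login record


def review_accounts(accounts, baseline=ROLE_BASELINE, stale_after_days=90):
    """Flag accounts whose access exceeds their role baseline, accounts that
    have gone unused long enough to be disabled, and accounts whose role is
    not covered by any baseline (so nobody can say what they should have).

    Returns a list of (user, finding, detail) tuples, sorted for stable output.
    """
    findings = []
    for acct in accounts:
        allowed = baseline.get(acct.role)
        if allowed is None:
            findings.append((acct.user, "unknown_role", acct.role))
            allowed = set()
        excess = sorted(acct.entitlements - allowed)
        if excess:
            findings.append((acct.user, "excess_privilege", ",".join(excess)))
        if acct.days_since_login >= stale_after_days:
            findings.append((acct.user, "stale_account", str(acct.days_since_login)))
    return sorted(findings)


# Constructed sample accounts: one clean, one over-privileged, one stale,
# one with a role nobody has defined a baseline for.
SAMPLE_ACCOUNTS = [
    Account("alice", "finance", {"erp", "expense-portal"}, 3),
    Account("bob", "helpdesk", {"ticketing", "ad-password-reset", "staging-ssh"}, 12),
    Account("carol", "engineering", {"git", "ci"}, 140),
    Account("dave", "contractor", {"git"}, 20),
]

if __name__ == "__main__":
    for user, finding, detail in review_accounts(SAMPLE_ACCOUNTS):
        print(f"{user:8} {finding:18} {detail}")
```

Each finding maps to a concrete action: remove the excess entitlement, disable the stale account, or define a baseline for the unknown role. Running this on a schedule turns "regular access reviews" from a calendar reminder into a diff that someone has to sign off.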

Nowadays, companies publish more information about their infrastructure online than they should, and they are often completely unaware that they have done so. Sometimes an incorrectly configured server is leaking data, or a hastily established development environment might be acting as a gateway for attackers to access critical data, or perhaps a simple open port is the culprit.

The internet also invites attackers to gain an in-depth knowledge of a company’s infrastructure, enabling them to execute targeted attacks at its weakest points. A firewall, for example, can give attackers unintended insight into a company’s structure; it may provide information on network names and domains in internal environments, which, in turn, can be used to identify potential areas for attack.

Understanding how attackers gain access is imperative for an organization to implement appropriate measures to ensure that only authorized users obtain access to the necessary applications.

Security strategies are in urgent need of an upgrade with modern authentication mechanisms. Weak passwords do not hold up against brute-force attacks. All too often, home office users choose the easiest way and opt for the simplest passwords that the system will permit. But with ransomware attacks on the rise, multi-factor authentication should be a high priority.
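Weak passwords fall to guessing, and the guessing itself leaves a trace: many failures from one source in a short window (brute force) or failures spread across many accounts from one source (password spraying, which deliberately stays under per-account lockout thresholds). The following is an added example, not from the article, of detecting both patterns over authentication logs. The log line format, the sample lines and the thresholds are constructed assumptions; adapt the regular expression to your own authentication source.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log format (not from the article): one authentication event per line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def _windowed_alerts(lines, window_s, trigger):
    """Sliding-window detector shared by both rules: keep, per source, the failed
    events of the last window_s seconds and call trigger(events) after each new
    failure. Returns {src: timestamp of the event that first tripped the trigger}."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in map(parse_line, lines):
        if ev is None or ev["result"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev)
        while (ev["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()
        if ev["src"] not in alerts and trigger(q):
            alerts[ev["src"]] = ev["ts"]
    return alerts


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Many failures from one source in a short window: classic password guessing."""
    return _windowed_alerts(lines, window_s, lambda q: len(q) >= threshold)


def detect_spray(lines, min_users=3, window_s=300):
    """Failures against many distinct accounts from one source: spraying is
    invisible per account but obvious per source."""
    return _windowed_alerts(
        lines, window_s, lambda q: len({e["user"] for e in q}) >= min_users
    )


# Constructed sample log: one source hammering a single account, a second
# source trying one guess each against several accounts, one legitimate login,
# and one malformed line that the parser must skip.
SAMPLE_LOG = """\
2021-03-02T08:00:01+00:00 auth: Failed password for alice from 203.0.113.7
2021-03-02T08:00:03+00:00 auth: Failed password for alice from 203.0.113.7
2021-03-02T08:00:05+00:00 auth: Failed password for alice from 203.0.113.7
2021-03-02T08:00:07+00:00 auth: Failed password for alice from 203.0.113.7
2021-03-02T08:00:09+00:00 auth: Failed password for alice from 203.0.113.7
2021-03-02T08:01:00+00:00 auth: Failed password for bob from 198.51.100.9
2021-03-02T08:01:30+00:00 auth: Failed password for carol from 198.51.100.9
2021-03-02T08:02:00+00:00 auth: Failed password for dave from 198.51.100.9
2021-03-02T08:02:10+00:00 auth: Accepted password for alice from 192.0.2.10
2021-03-02T08:02:11+00:00 not an auth event
""".splitlines()

if __name__ == "__main__":
    print("brute force:", detect_bruteforce(SAMPLE_LOG))
    print("spraying:   ", detect_spray(SAMPLE_LOG))
```

The two rules share one windowing routine and differ only in what they count. A source that trips either rule is a candidate for blocking at the edge; the accounts it targeted are the ones to check for a later successful login, which is also where multi-factor authentication earns its keep: a guessed password alone no longer completes the login.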

Developing a Zero Trust Approach

In contrast to traditional approaches to security, zero trust network access (ZTNA) can significantly reduce a company’s vulnerability to attack. According to Gartner, ZTNA is provided by a service that creates an identity- and context-based, logical access boundary around applications. Applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy compliance of the participants before allowing access, and thus prevents lateral movement elsewhere in the network. This removes application assets from public visibility and significantly reduces the attack surface.
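The trust broker in that description makes a per-request decision from identity, context and policy, and grants a session to one application rather than to the network. The following is an added example of that decision logic, not code from the article, from Gartner or from any ZTNA product; the policy schema, the posture attributes and the sample users and devices are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset      # group membership from the identity provider
    mfa_verified: bool     # strong authentication completed for this session


@dataclass(frozen=True)
class Context:
    device_managed: bool   # enrolled in device management
    os_patched: bool       # posture check passed
    network: str           # "corp", "home", "public", ...


# Constructed per-application policies (assumed schema, not any vendor's).
POLICIES = {
    "erp":  {"groups": {"finance"},     "mfa": True,  "managed_device": True},
    "git":  {"groups": {"engineering"}, "mfa": True,  "managed_device": True},
    "wiki": {"groups": {"staff"},       "mfa": False, "managed_device": False},
}


def broker_decision(app, ident, ctx, policies=POLICIES):
    """Evaluate one access request at the trust broker.

    Default deny: an application with no policy does not exist as far as the
    requester is concerned. A grant applies to exactly this application and
    confers no reachability to anything else, which is what closes the
    lateral-movement path a VPN-style network grant would have opened.
    Returns (allowed, reason).
    """
    policy = policies.get(app)
    if policy is None:
        return False, "no such application"
    if not (ident.groups & policy["groups"]):
        return False, "identity not entitled"
    if policy["mfa"] and not ident.mfa_verified:
        return False, "mfa required"
    if policy["managed_device"] and not ctx.device_managed:
        return False, "managed device required"
    if not ctx.os_patched:
        return False, "device failed posture check"
    return True, f"per-application session to {app}"


def discoverable_apps(ident, ctx, policies=POLICIES):
    """What the broker advertises to this requester: only the applications it
    would grant right now. Everything else stays hidden from discovery."""
    return sorted(app for app in policies if broker_decision(app, ident, ctx, policies)[0])


if __name__ == "__main__":
    alice = Identity("alice", frozenset({"staff", "finance"}), mfa_verified=True)
    laptop = Context(device_managed=True, os_patched=True, network="home")
    phone = Context(device_managed=False, os_patched=True, network="public")
    for app in ("erp", "git", "wiki", "fileserver"):
        print(app, broker_decision(app, alice, laptop))
    print("visible from unmanaged phone:", discoverable_apps(alice, phone))
```

Two properties of this design matter for ransomware specifically. A compromised home-office user sees only the applications the broker would grant from that device, so an attacker holding the credentials cannot enumerate the rest of the estate; and every grant is scoped to one application, so a foothold in one system is not a route to the others.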

It is worth noting that none of the approaches mentioned in this article are new. However, the need to rapidly roll out remote work on a huge scale left IT departments with little time to fully consider new security architectures and the threat landscape in our modern world. Now, these IT departments are getting the management support they need to implement new security models—because people are increasingly realizing that adopting a holistic approach to the requirements of networks, applications and IT security boosts a company’s defenses against today’s ransomware.
