There’s good news and bad news about ransomware. The good news is that security experts predict a drop in the number of attempted ransomware attacks in 2021. The bad news is that the numbers are dropping because ransomware operators are targeting “big game” enterprises with higher potential payouts, not because the threat is diminishing.
Don’t get too comfy if you think your organization isn’t big enough to tempt cybercriminals. There are still plenty of smaller-scale ransomware outfits out there and, across the board, ransomware tactics are getting more sophisticated, more destructive, and harder to detect.
What to Expect from Ransomware Operators in 2021
Ransomware is constantly evolving, and what was once considered an inconvenience is now the stuff of IT and CSO nightmares. Many ransomware operators have upped their game with attacks that do far more damage than just encrypting data until the ransom is paid.
Here are a few of the more popular ways ransomware operators are wreaking havoc in 2021:
Targeted Attacks on Backups
Everyone knows that backing up data to a secure location is an essential step in a ransomware defense strategy. But what everyone doesn’t know is that sometimes a secure backup isn’t enough to prevent data loss. There are some strains of ransomware that specifically target backup files, so if you’re relying on a backup that is connected to the company network, your data recovery plan is at risk.
A better way to protect company data and systems is to tweak the classic 3-2-1 backup strategy, taking a 3-2-1-1 backup approach instead:
- 3—Make three copies of the data (production and two backups).
- 2—Store them on two different media.
- 1—Move one of the copies offsite (preferably to the cloud).
And here’s the new bit ...
- 1—Save one air-gapped copy of the data offline, isolated from the company network. If the ransomware code can’t find your backup, it can’t encrypt it.
The double extortion approach to ransomware takes two of the worst things that could happen to your data and rolls them into one big mess. Ransomware operators infiltrate the company systems and steal some data before encrypting it and notifying the victim of the attack. The operator then threatens to sell or publish the stolen data online if the ransom isn’t paid.
New Mexico’s Rehoboth McKinley Christian Health Care Services experienced a double extortion attack recently. Cybercriminals published sensitive employee information, including social security numbers, on the dark web to “encourage” the organization to pay a ransom.
Delaying Encryption to Wait Out Backups
This tactic is especially sleazy because not even immutable storage is immune. During this type of attack, ransomware operators find an in, but don’t encrypt data or announce their presence immediately.
This gives the malicious program time to poke around and penetrate deeper into the company network. By breaching accounts higher and higher up the org chart, hackers gain access to highly sensitive business-critical data, which can be used to leverage a larger payment.
The other major problem with this tactic is that the longer the malicious code goes undetected, the greater the chance it will be added to the immutable backup. This renders the backup useless for recovery efforts once the ransomware encrypts the company files.
Targeting Critical Infrastructure
Ransomware operators hit the jackpot in 2020, taking full advantage of the chaos caused by the pandemic. Things don’t appear to be slowing down in 2021.
Adding insult to injury, many ransomware attacks are zeroing in on organizations providing critical infrastructure, such as healthcare and manufacturing. Targeting these industries leaves patient data vulnerable, puts people’s lives at risk, and slows down the supply chain at a time when materials and components are already hard to come by.
Shaming and Intimidation Tactics
Companies hit with cyberattacks not only have to pay for remediation and cleanup, they also have to deal with the reputational damage that can have a less obvious but long-lasting impact on company revenue. Ransomware operators know that many organizations will go to great lengths to protect their reputation, and they use that knowledge to put on pressure to pay the ransom.
For example, the Ragnar Locker gang attacked Italian beverage company Campari Group and demanded a ransom. To add some incentive for Campari to pay up, the cybercriminals hacked into a Facebook page and ran an ad announcing they had stolen sensitive data from Campari and would publish it if the ransom wasn’t paid.
Another tactic designed to intimidate companies into paying the ransom is cold-calling victims. Ransomware operators physically call companies that they suspect can restore their lost files from backup without paying the ransom to harass them into paying.
How to Fight Back
Yes, ransomware is getting worse, and it’s even likely that your organization will be affected. However, you don’t have to wait passively to become a victim. Taking a proactive holistic approach to ransomware protection provides a safety net for today’s complex IT infrastructures.
For best results, focus on three core factors to create a multi-layer defense against ransomware:
Apply AI and machine learning for protection against known and unknown threats. Look for a solution that combines the latest cybersecurity technology with state-of-the-art data protection capabilities.
Backup and Recovery
Recovering from a ransomware attack depends on the quality of your business continuity and disaster recovery strategy. Work with all levels and departments in the company to ensure comprehensive coverage for all business-critical applications and systems, as well as any dependencies. Be sure to include immutable, image-based backups as part of the plan and test the response and recovery process regularly, to ensure it works when you need it to.
The Human Element
Human error is a leading cause of data breaches, so make it harder for mistakes to happen. Implement the latest in identity and access management such as multi-factor authentication, privileged access management, and zero trust initiatives.
Never forget that knowledge is power. Educating employees through regularly scheduled security awareness training makes people part of the security solution instead of part of the problem.
Although ransomware is a growing threat to companies of all sizes, you don’t have to be a victim. Download Your Guide to a Ransomware-Free Future to learn more ways to protect your organization from new and evolving ransomware tactics.