In the not-too-distant past, ransomware attacks were rarely newsworthy. Today, it seems there is another high-profile victim in the headlines almost every week.
Recent notable attacks have affected large enterprises, including tech companies Quanta, Fujifilm, and Acer; oil giant Royal Dutch Shell; and Brazilian electric utility Companhia Paranaense de Energia.
But big corporations aren’t the only organizations at risk from ransomware. Attacks on healthcare settings, schools, municipal governments, manufacturers, and other underfunded organizations are also on the rise.
10 Things to Know About Today’s Ransomware Threats
The frequency and severity of attacks are so high and show so little sign of slowing down that many CSOs and CISOs now consider ransomware to be the most significant cyber risk their businesses face today. Therefore, IT teams must arm themselves not only with technology but also with knowledge, so they can prevent and neutralize ransomware attacks while proactively preparing for recovery if necessary.
Here are 10 things everyone should know about the current state of ransomware:
Technology expertise is no longer a prerequisite for ransomware operators. Would-be cybercriminals can now “rent” ready-made ransomware code from gangs and deploy the code via phishing emails, compromised credentials, or network vulnerabilities.
2. Cybersecurity is crucial for businesses of every size.
Ransomware attacks don’t garner the same level of press for small and medium-sized businesses (SMBs) as they do for their enterprise-level counterparts, but smaller businesses are also at risk. A study conducted by Accenture and the Ponemon Institute found that almost half (43 percent) of cyberattacks targeted SMBs. But here’s the scary part: The study also found that only 14 percent of the respondents were prepared to defend themselves.
3. Ransomware isn’t new.
In 1989, Eddy Willems inserted a mysterious floppy disk into his computer, and the first case of ransomware was deployed. In the more than three decades since this first recorded instance, ransomware attacks have evolved from minor annoyances to catastrophic events capable of disrupting operations at some of the world’s most powerful corporations and government agencies.
4. Human error is the No. 1 cybersecurity threat.
From skipping security updates and sharing passwords to falling for phishing scams and clicking bad links, humans are hands down your business’s biggest vulnerability. Even the world’s most technologically advanced cybersecurity can’t stop a breach caused by an employee who unwittingly shares credentials or account numbers with a malicious actor.
5. The 3-2-1 backup strategy is no longer enough.
Until recently, most IT organizations subscribed to the 3-2-1 approach to secure their backups: three copies of the data on two different media with one copy stored off-site (preferably in the cloud). This data protection strategy proved effective until newer ransomware strains began targeting backup files and encrypting them so they were useless for recovery efforts. Today, many IT teams are adding an air-gapped, offline copy to the equation, an approach now known as the 3-2-1-1 backup strategy.
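The difference between the two rules can be checked against a backup inventory. The following is an added example, not part of the original article: it audits a constructed inventory against each 3-2-1-1 requirement and lists which copies would remain usable if every network-reachable copy were encrypted. The `BackupCopy` fields, function names, and inventory entries are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str        # e.g. "disk", "object-storage", "tape"
    offsite: bool      # stored away from the primary site
    air_gapped: bool   # offline, not reachable from the production network

def audit_3211(copies):
    """Return the 3-2-1-1 requirements that the inventory fails to meet."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than 3 copies")
    if len({c.medium for c in copies}) < 2:
        gaps.append("fewer than 2 media types")
    if not any(c.offsite for c in copies):
        gaps.append("no off-site copy")
    if not any(c.air_gapped for c in copies):
        gaps.append("no air-gapped offline copy")
    return gaps

def survivors(copies):
    """Names of copies still usable if all reachable copies are encrypted."""
    return [c.name for c in copies if c.air_gapped]

# Constructed inventory that satisfies classic 3-2-1 only: every copy is online.
PLAN_321 = [
    BackupCopy("primary-nas", "disk", offsite=False, air_gapped=False),
    BackupCopy("backup-server", "disk", offsite=False, air_gapped=False),
    BackupCopy("cloud-bucket", "object-storage", offsite=True, air_gapped=False),
]

# Same inventory with the extra air-gapped, offline copy (3-2-1-1).
PLAN_3211 = PLAN_321 + [
    BackupCopy("vaulted-tape", "tape", offsite=True, air_gapped=True),
]

if __name__ == "__main__":
    for label, plan in (("3-2-1", PLAN_321), ("3-2-1-1", PLAN_3211)):
        print(label, "gaps:", audit_3211(plan), "survivors:", survivors(plan))
```
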
6. Paying the ransom doesn’t guarantee your data is safe.
After they experienced significant breaches, Colonial Pipeline paid the ransom its attackers demanded, whereas Fujifilm did not—and they both had to restore their data from backup files. Security experts and law enforcement agencies alike warn against giving in to ransomware operators’ demands. Paying the ransom encourages additional attacks, and it doesn’t guarantee that you will get the decryption key—or, in Colonial Pipeline’s case, a decryption key you can use.
7. Holistic ransomware prevention is essential.
One-dimensional, piecemeal cybersecurity is no match for today’s constantly evolving cyberthreats. Creating an effective barrier between your data and the people who want to access it illegally requires a more holistic approach. Companies that want to prevent ransomware and other cyberattacks must develop multi-layer strategies that include processes, policies, and best practices for cybersecurity, backup, and disaster recovery. Additionally, staff must be trained to be the first line of defense against cyberattacks.
8. Ransomware operators are adding triple extortion to their playbooks.
When double extortion ransomware attacks hit the mainstream, businesses worried that their data would be leaked publicly in addition to being encrypted and held for ransom.
Now, ransomware operators are turning to triple extortion tactics, sending ransom demands to both the company being attacked and the company’s clients. One high-profile example of this tactic is the Quanta ransomware attack that resulted in MacBook schematics being published online just ahead of Apple’s Spring Loaded event.
9. Your business continuity and disaster recovery strategy needs a post-COVID-19 update.
The events of 2020 put many organizations’ business continuity plans to the test. Between remote workers exponentially expanding the company attack surface and the sudden need to stand up infrastructure to support 100 percent virtual operations, even well-prepared IT teams identified gaps in both their business continuity and disaster recovery strategies that need to be resolved quickly.
10. Critical infrastructure businesses are under attack.
During the peak of the pandemic, ransomware operators began targeting healthcare and research facilities with higher-than-normal frequency. As the economy moves into the post-COVID-19 recovery phase, attackers are now targeting critical infrastructure sectors, including fuel distributors, utilities, food production, and government agencies.
These attacks can cause catastrophic disruptions to manufacturing supply chains, food supplies, and essential municipal and governmental services.
The Next Wave of Ransomware
If the current trend of targeting infrastructure and escalating attacks beyond ransom payments is any indication, the ransomware outlook is going to get worse before it gets better.
Ransomware technology is becoming more sophisticated and more difficult to detect quickly. A recent study by cybersecurity firm Sophos found that hackers are accessing networks using red team tools and other “legitimate” entry methods that don’t necessarily trigger a cybersecurity response.
According to this study, attackers spent a median of 11 days undetected in the network (though some went as long as 15 months). Staying undetected for so long gave attackers ample time to move laterally through the network, exfiltrating data, stealing credentials, and exploiting vulnerabilities.
With the global economy struggling to restart and cyberattacks homing in on critical industries and services, the U.S. government recently announced that it is taking a harder stance against ransomware and asked businesses to do the same by treating an attempted ransomware attack the same way they would treat a terrorist attack.
IT teams have every reason to be wary of ransomware, but they can do more than sit back and wait for an attack. Download Don't Become a Statistic: Stay Ahead of Cybercriminals by Implementing a Holistic Ransomware Protection Strategy to learn how to create a ransomware defense plan that addresses common weaknesses in today’s IT infrastructures and how to future-proof your strategy for the next wave.