The Growth of Ransomware
And How to Protect Your Crown Jewels
It seems like there’s a massive ransomware attack that breaks on the news this week. Each week another company — often one with plenty of resources and power — falls victim to the never-ending onslaught of cyber attacks in the industry. But it wasn’t always like this. Let’s talk about the growth and rise of ransomware in the information security industry.
We know that ransomware lives everywhere in today’s security ecosystem. But what we don’t know is how we got to this point … Why has ransomware become such a popular tactic for adversaries to use? What makes ransomware more effective than other organization-breaking tactics? And what is ransomware, anyways?
What is Ransomware?
For those who may be unaware, let’s start out this post by defining ransomware, and then we’ll move on to more complex discussions.
Ransomware is a form of malware that threatens to publish the attack victim’s information or block access to said information if a ransom is not paid. Simple ransomware simply blocks users from accessing or using data. This type is a minor inconvenience for victims but is something easily reversible for even the newest cybersecurity professionals. However, more complex ransomware is able to employ a tactic called crypto-viral extortion. Crypto-viral extortion encrypts the victim’s files, often making them completely inaccessible. The attacks then demand a ransom in exchange for the decryption of the files.
After successfully exploiting an individual or organization’s vulnerability and retrieving precious data, the attackers usually detail instructions for the victim on how to pay to get their information back (hence the word “ransom”). Attackers commonly use currency apps like Bitcoin or Ukash because they’re untraceable, making the attacker’s identity harder to pinpoint.
Why has Ransomware Grown in Popularity?
According to ZDNet, There’s been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers.
Ransomware is not a new concept. Even before the age of computers and the rise of the Internet, bad actors were obtaining inside information and valuable “crown jewels” from organizations and holding them hostage in order to see a pay day. However, in recent years ransomware has seen a growth in both sophistication and overall effectiveness. The development of effective ransomware tactics has given bad actors the confidence to seek out “bigger fish.” All of these factors signal an enormous problem for the organizations that hold valuable assets and important trade secrets.
Simply put, viruses, ransomware attacks, and the overarching idea of information theft have always been a nuisance. But the dramatic increase in the danger level of these attacks and a large focus on using these attacks for financial gain has forced the hand of cybersecurity pros. As a result, both security teams and cyber criminals are throwing more resources towards each of their goals: defend and attack. But who wins out?
While many on the defensive side are successful in their efforts, it’s the successful adversaries breaking defenses — like this huge one, or that one, or even this one — that secure the headlines and garner national press.
Tips to Defend Against Ransomware
While most ransomware defense methods are not 100 percent effective, they provide an additional hurdle against even the most complex ransomware attacks. Having a plan for defensive action is vital to prevent a costly ransomware infection. The tips below are a good set of general security practices. Implementing and following these tips will maximize your security against all sorts of ransomware attacks:
- Keep your operating system patched and up to date to ensure you have fewer vulnerabilities to exploit. Ransomware attacks can be carried out on PCs, Macs, and even mobile phones, so this step is important for all users.
- Backup your files. This may go without saying, but the act of storing consistent backups ensures that you don’t need to open your checkbook to retrieve files and can revert to a previous backup instead.
- Install antivirus software for additional protection. You may be good at detecting phishing attempts, but additional software will ensure you don’t suffer from a temporary lapse in judgement. Additionally, whitelisting software is useful to prevent unauthorized applications from entering your inbox entirely.
- Don’t give administrative privileges unless you can verify the identity of the program asking for permission. Many ransomware attacks pose as well-known and trusted brands, so triple-checking permissions for authenticity can be a life saver.
If Your Organization is Hit by Ransomware
While prevention is important, detection and remediation are just as vital. If your organization is hit by a ransomware attack, it’s important to answer these questions:
- Are we secure? Cut off all compromised users from the primary network and ensure the damage is minimized and controlled.
- What was compromised? Do we have backups of the information and files that were taken? After your network is secured it’s important to gauge the total damage done to the organization.
- How were we compromised? What was the attack vector used to infiltrate our system? Is this vulnerability easily remediated? Once you’re secure and total damage is calculated, it’s important to identify how you were compromised and ensure the same tactic isn’t used in the future.
- Do we entertain the idea of paying the ransom? If we don’t pay, what’s the consequence? Will the data be leaked regardless of our payment? Now it’s time to get down to brass tacks. With everything we know, what’s the best way forward?
The truth is, we don’t know your organization and the impact that a successful ransomware attack has on your company. But we do know the right questions to ask and the right information to gather in order to make an informed decision about what to do next.
In Conclusion
Nobody wants to think about the idea of your organization falling victim to a ransomware attack. But it’s important — especially with the exponential rise of ransomware — to be prepared and ready to proactively neutralize the threat and deal with the consequences of the breach. By taking the time to assess the damage and get an accurate sense of the situation, you’re set up to make an informed and evidence-based decision.
