How ransomware is evolving as an organizational threat
Current Ransomware Security Measures: how effective are they? In 1995, cybercrime in the cybersecurity industry looked very different. At the time, attacks aimed at taking down a single network were common. The goal was to gain bragging rights by successfully infiltrating an organization.
The picture now is more frightening, as ransomware has emerged as a method of extorting money from organizations. Organizations need help to respond when a cybercriminal has successfully duped an employee into clicking on a link or opening an attachment that infects the entire network.
After the data has been encrypted, a ransom demand is issued to unlock it. Since organizations have learned to regularly back up their data, ransomware attacks have become more complex, with an additional threat of publishing data on the dark web.
The cost of attacks is higher and they occur more often
According to the Sophosresearch, the average ransom payment now stands at $1.04 million. The cost of recovery tacks on another $2 million to that figure. Payments are usually made in cryptocurrency, and many criminal outfits have call centers to assist victims in the transaction.
As a result of mass remote work sparked by the pandemic, ransomware has become more widespread. Australia has seen a 15% increase in ransomware attacks reported to the Australian Cyber Security Centre in the past year.
Furthermore, ransomware attacks are becoming more sophisticated and frequent, as well as more targeted and personal. As a rule, the approach was ‘spray and pray’ in the past. Nowadays, organizations with weak defenses and poor financial capabilities are singled out.
It is not uncommon for cybercriminals to quietly infiltrate systems, sitting in the background without setting off any alarms. Among other things, they’ll learn how often backups are performed and whether companies are preparing for an IPO or merger and acquisition.
An employee may receive a ransom demand through email, or the perpetrator may call them and share information obtained from the stolen information, such as disciplinary action taken against them. The goal is to scare them into demanding their employer pay the ransom.
One alarming trend is the use of ransomware to attack supply chains. We will continue to see this threat through 2022. An attack on US software provider Kaseya in July affected 1500 businesses on five continents, from supermarkets in Sweden to kindergartens in New Zealand.
It was a very interesting case in which the cybercriminal attacked Kaseya-related organizations.
An effective defense strategy and a remediation strategy can help minimize the effects of a ransomware attack, but there is no foolproof way to prevent one. A few of the key tips are testing defense systems constantly, performing simulation exercises, using strong passwords and multi-factor authorization, and performing daily offsite backups.
By creating a business continuity plan, you can ensure the security of your data and services. For instance, suppose your email service went down. How would you handle the situation? Would you be able to communicate by phone?”
Take a zero-trust network approach – assume that you must authenticate people once they enter the network and do not rely on the firewall to protect you. You can do anything on the network due to this incorrect assumption. All types of threats to your business are considered by our managed security services. Furthermore, we make sure that your software is always current by using our resources. Therefore, we often prevent online threats before they occur.
How effective are the current initiatives?
Australian governments are starting to talk about ransomware differently and note several positive initiatives, such as the Ransomware Action Plan. We believe, however, that tackling the scourge of ransomware will require a greater investment. There is a huge global issue that requires an appropriate level of response. We spend a lot of money on submarines, but in many ways, the war has shifted to digital – and expenditures have not shifted similarly.
Currently, the Critical Infrastructure Bill is making its way through Parliament that would grant the government extraordinary powers of intervention in the event of cyberattacks on critical infrastructure.
It’s a good lever to raise standards, and Australia would be in line with the US and UK in accepting it as a very serious problem.
What are your chances of stopping these attackers? You are unlikely to succeed. Nevertheless, you can help protect an organization. To anonymize the data, you would need a layer of abstraction to prevent repeat attacks on organizations known to pay.
Organizations are paying ransoms, however. We need to figure out how many organizations are paying a ransom quietly to determine the scale of the problem.