Why Ransomware Isn’t Going Away Anytime Soon

2019 was an extremely successful year for ransomware, rife with attacks and many high-profile victims. Of all the cyber threats, ransomware was proven to be the most devastating.

In the UK, the government’s Cyber Security Breach Survey reported that 27% of businesses and 18% of charities were hit by a ransomware attack, with the healthcare industry being hit the hardest by this style of attack. In the US, the situation was even worse, with a recent report by Emsisoft Malware Lab suggesting that at least 103 government agencies; 759 healthcare providers; and 86 universities, colleges, and school districts were held hostage by ransomware last year. Once infected by ransomware, organisations could pay into the millions to get their systems restored.

In the past, ransomware used to do one thing. It would make someone’s computer useless by encrypting everything on it. The only way to get the information back was by paying the attacker a fee (usually in Bitcoin) to get a decryption key to reverse the encryption. Fast-forward to today, where new uses and types of ransomware have emerged.

There are three clear trends in ransomware attacks:

  1. Shift to digital extortion.

Ransomware has proven to be a very effective business model for organised crime, and criminals have no incentive to stop. It has been so profitable that we can now see a clear shift in what ransomware does. If organisations paying to get all their information back is lucrative, then it’s even more lucrative for criminals to target and extort organisations that want to keep their data safe and – in addition – not see that data exposed to the outside world. Ransomware attacks now include an element where criminals download copies of the files being encrypted and then threaten to release them if the ransom isn’t paid.

Raj Samani, the chief scientist at McAfee sums up the situation best: ‘We use the term ransomware, yet the evolution of some of the recent variants have deviated so much that a more appropriate term is digital extortion; recently for example, the threat to release data represents not only reputational damage to victims but the threat of the regulatory penalties. This evolution, when combined with the threat of disabling key systems, is done with the sole purpose of encouraging payment’.

If one thing is clear about ransomware, it is that it is not going away any time soon. It’s simply too profitable and effective.

  2. Ransomware attacks will be used for non-financial aims.

Last year, we saw devastating new ransomware called NotPetya that resulted in significant financial loss. What made NotPetya different from previous ransomware attacks was the aim. The ultimate goal wasn’t to extort any ransom or earn money for criminal gain, but to wipe out all the information held on the target systems forever. It initially targeted Ukraine and then spread rapidly to other countries. It is widely suspected that the attack was related to a desire by the Russian government to disrupt the Ukrainian government, which it did very effectively by taking down thousands of government computers and businesses in the country. If this suspicion were credible, then this was cyber warfare in action – a government using cyber techniques to cause damage to an adversary. Considering how effective the attack was, we should expect the technique to be used again.

  3. Expect it to become easier to launch ransomware attacks.

Gone are the days when technical know-how was needed to execute ransomware attacks. Today, any novice with little technical skill can purchase “Ransomware as a Service” (RaaS) – a subscription-based malicious model. Cybercriminals write ransomware code and sell it to other cybercriminals, who can then launch their own attacks with little preparation. Once the attack is successful, the ransom money is divided between the provider and the attacker.

So what can you do about ransomware?

Here are some suggestions:

  1. Preparation to limit the impact or avoid ransomware altogether. Remember it’s all about the backups, backups, backups! If you do not have backups, it really is game over. You will be held over a barrel by the attackers in order to get your information back. Network segmentation and continuous monitoring are essential.
  2. Maintain good baseline cyber security hygiene practices. This means activities such as keeping computers up-to-date with patches to protect against unknown vulnerabilities. Deploy role-based and least-privilege access controls, as well as multi-factor authentication policies to prevent access via admin credentials. Put in place security awareness programs and make sure they run continuously.
  3. If you are attacked by ransomware, see if there is a decryption tool already available. ‘NO MORE RANSOM!’ is a project that releases decryption keys for many of the more common ransomware attacks. Call in a reputable cyber security partner to help you get through this process.
  4. Understand that having your systems brought down by ransomware is only the first phase. Even once you recover your data, it is most likely that your data has been stolen. This has now become a data breach and could trigger hefty fines under regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

While we aren’t certain what is ahead in 2020, what we do know is that cybercriminals are increasingly targeting businesses with ransomware instead of consumers for a bigger payout. Organisations in fields like education and healthcare – who often have a weak cyber security infrastructure and more sensitive data – will be a big target for attackers who aim to encrypt business-critical data and demand a high ransom.

So in summary, ransomware is a big deal that – if successful – can threaten an organisation’s financial or reputational livelihood. Organisations must have cyber security fundamentals in place if they are to stand a chance of avoiding an attack and its potentially costly consequences.


About the author

Todd Wade
Principal Consultant, CRMG
Former CTO Skechers (Europe)
Industry Specialism: Rapidly Scaling Startups, Cloud technologies, Retail
Area of Expertise: Cyber Security Executive Management, Technology Risk