2019 was an extremely successful year for ransomware, rife with attacks and many high-profile victims. Of all the cyber threats, ransomware proved to be the most devastating.
In the UK, the government’s Cyber Security Breach Survey reported that 27% of businesses and 18% of charities were hit by a ransomware attack, with the healthcare industry being hit the hardest by this style of attack. In the US, the situation was even worse, with a recent report by Emsisoft Malware Lab suggesting that at least 103 government agencies; 759 healthcare providers; and 86 universities, colleges, and school districts were held hostage by ransomware last year. Once infected by ransomware, organisations could pay into the millions to get their systems restored.
In the past, ransomware used to do one thing. It would make someone’s computer useless by encrypting everything on it. The only way to get the information back was by paying the attacker a fee (usually in Bitcoin) to get a decryption key to reverse the encryption. Fast-forward to today, where new uses and types of ransomware have emerged.
There are three clear trends in ransomware attacks:
Ransomware has proven to be a very effective business model for organised crime, and criminals have no incentive to stop. It’s been so profitable that we can now see a clear shift in what ransomware does. If organisations paying to get all their information back is lucrative, then it’s even more lucrative for criminals to target and extort organisations that want to keep their data safe and, in addition, not see that data exposed to the outside world. Ransomware attacks now include an element where criminals download copies of the files being encrypted and then threaten to release them if the ransom isn’t paid.
Raj Samani, the chief scientist at McAfee, sums up the situation best: ‘We use the term ransomware, yet the evolution of some of the recent variants have deviated so much that a more appropriate term is digital extortion; recently for example, the threat to release data represents not only reputational damage to victims but the threat of the regulatory penalties. This evolution, when combined with the threat of disabling key systems, is done with the sole purpose of encouraging payment’.
If one thing is clear about ransomware, it is that it is not going away any time soon. It’s simply too profitable and effective.
Last year, we saw devastating new ransomware called NotPetya that resulted in significant financial loss. What made NotPetya different from previous ransomware attacks was the aim. The ultimate goal wasn’t to extort any ransom or earn money for criminal gain, but to wipe out all the information held on the target systems forever. It initially targeted Ukraine and then spread rapidly to other countries. It is widely suspected that the attack was related to a desire by the Russian government to disrupt the Ukrainian government, which it did very effectively by taking down thousands of government computers and businesses in the country. If this suspicion were credible, then this was cyber warfare in action – a government using cyber techniques to cause damage to an adversary. Considering how effective the attack was, the technique can be expected to be used again.
Gone are the days when technical know-how was needed to execute ransomware attacks. Today, any novice with little technical skill can purchase “Ransomware as a Service” (RaaS) – a subscription-based malicious model. Cybercriminals write ransomware code and sell it to other cybercriminals who can then launch their own attacks with little preparation. Once the attack is successful, the ransom money is divided between the provider and the attacker.
So what can you do about ransomware?
Here are some suggestions:
While we aren’t certain what is ahead in 2020, what we do know is that cybercriminals are increasingly targeting businesses with ransomware instead of consumers for a bigger payout. Organisations in fields like education and healthcare – who often have a weak cyber security infrastructure and more sensitive data – will be a big target for attackers who aim to encrypt business-critical data and demand a high ransom.
So in summary, ransomware is a big deal that – if successful – can threaten an organisation’s financial or reputational livelihood. Organisations must have cyber security fundamentals in place if they are to stand a chance of avoiding an attack and its potentially costly consequences.
About the author
Principal Consultant, CRMG
Former CTO Skechers (Europe)
Industry Specialism: Rapidly Scaling Startups, Cloud technologies, Retail
Area of Expertise: Cyber Security Executive Management, Technology Risk
For more information on how to protect your organisation from ransomware, contact us at firstname.lastname@example.org.