Ever since WannaCry first brought ransomware to the world’s attention in 2017, organisations have struggled to keep up. During the first half of 2022, there were a total of 236.1 million ransomware attacks reported worldwide.
Yet these ransomware-style attacks are evolving as criminals develop new techniques to extort organisations. Below we will summarise what you need to know about ransomware, looking at what ransomware is, what you need to know about it and how it is evolving.
What is Ransomware?
In a traditional ransomware attack, an attacker breaks into a network, identifies critical data assets, and then encrypts them to force the victim to pay a ransom so they can have access to those files again.
However, in recent breaches, hackers have started to not only encrypt the victim's data but also exfiltrate it so that they're able to sell it if the victim doesn't pay up.
This puts hackers in a win-win scenario, where they win either if the victim pays the ransom or they sell the data to a third party. As a result, prevention is now more important than ever to ensure an organisation doesn’t find itself in a lose-lose ransomware breach.
Things You Need to Know About Ransomware
Unlike the first iterations of ransomware that most organisations are familiar with, the newer versions of ransomware bring to the table a new set of threats that businesses need to be aware of to stay protected.
Ransomware attacks have evolved with increasing instances where an attacker will not only encrypt the victim's data, as they would in a traditional ransomware attack, but will also threaten to publish confidential information to pressure the victims into paying a ransom.
Below we’re going to look at four things you need to know about ransomware in 2023.
Prevention is Critical to Combatting Encryption and Leakage
The rise of ransomware 2.0 means that if an attacker gains access to an organisation’s data, there's little it can do to protect that information from public disclosure other than pay the ransom.
Prevention is the only effective defence against encryption and leakage, so it's vital to make sure that all computers have up-to-date anti-malware software and use Managed Detection and Response (MDR) to continuously monitor the network for threats.
Attackers Aren’t Just Financially Motivated
While most attackers are financially motivated, an increasing number of attacks are emerging where cyber criminals are more interested in committing IP theft. Some entities commit IP theft to sabotage companies for political reasons, as a form of activism, or even whistleblowing.
At the same time, some foreign governments will use cyber gangs to steal sensitive information as a form of espionage, to gain access to data that provides them with greater insight to achieve their political aims.
More Ransomware Attacks are Relying on Insiders
As the ransomware ‘industry’ expands and the ransomware-as-a-service model becomes more popular, attackers are beginning to bribe employees into injecting malware into their companies’ networks as part of an insider attack.
Typically, a cyber gang will contact an employee to offer them a large amount of money to download a malicious email attachment that will grant access to an organisation's network. Then if the organisation pays the ransom, the attackers will give the employee a cut of the ransom.
These insider attacks are difficult to defend against because they are so hard to prove, and there aren’t any penalties that an organisation can impose on employees for being bad at spotting phishing emails.
Educating Employees on Phishing Threats is Key
In many attacks, cyber criminals use phishing emails to infect an endpoint with malware so they could gain a foothold in the network and spread ransomware throughout the entire environment.
Therefore, it's vital to educate employees on how to detect phishing emails with security awareness training and phishing simulations, so they don't inadvertently download a malicious email or attachment that spreads ransomware.
Read more on phishing exercises HERE
Change Your Defence Mindset in 2023
“As cyber criminals use ransomware style attacks to steal protected information, organisations must move on from traditional approaches to ransomware protection and focus on prevention.
This should start with educating employees on the latest threats so that there's less chance of them making a mistake and downloading an attachment that puts their organisation, and its data in a lose-lose situation,” said Integrity360’s Chief Technology Officer Richard Ford.
Want to find out how you can defend your data from ransomware?
