Ever since WannaCry first brought ransomware to the world’s attention in 2017, organisations have struggled to keep up. During the first half of 2022, there were a total of 236.1 million ransomware attacks reported worldwide.
Today, ransomware threats are so common that they account for 10% of all breaches, including numerous high-profile incidents targeting companies like semiconductor chip company Nvidia and car manufacturer Toyota. Yet these ransomware-style attacks are evolving as criminals develop new techniques to extort organisations. Below we summarise what you need to know about ransomware: what it is and how it is evolving.
In a traditional ransomware attack, an attacker breaks into a network, identifies critical data assets, and then encrypts them to force the victim to pay a ransom so they can have access to those files again.
However, in recent breaches, hackers have started to not only encrypt the victim's data but also exfiltrate it so that they're able to sell it if the victim doesn't pay up.
This puts hackers in a win-win scenario, where they win either if the victim pays the ransom or they sell the data to a third party. As a result, prevention is now more important than ever to ensure an organisation doesn’t find itself in a lose-lose ransomware breach.
Unlike the first iterations of ransomware that most organisations are familiar with, the newer versions of ransomware bring to the table a new set of threats that businesses need to be aware of to stay protected.
Ransomware attacks have evolved with increasing instances where an attacker will not only encrypt the victim's data, as they would in a traditional ransomware attack, but will also threaten to publish confidential information to pressure the victims into paying a ransom.
Below we’re going to look at four things you need to know about ransomware in 2023.
The rise of ransomware 2.0 means that if an attacker gains access to an organisation’s data, there's little it can do to protect that information from public disclosure other than pay the ransom.
Prevention is the only effective defence against encryption and leakage, so it's vital to make sure that all computers have up-to-date anti-malware software and use Managed Detection and Response (MDR) to continuously monitor the network for threats.
While most attackers are financially motivated, an increasing number of attacks are emerging where cyber criminals are more interested in committing IP theft. Some entities commit IP theft to sabotage companies for political reasons, as a form of activism, or even whistleblowing.
At the same time, some foreign governments will use cyber gangs to steal sensitive information as a form of espionage, to gain access to data that provides them with greater insight to achieve their political aims.
As the ransomware ‘industry’ expands and the ransomware-as-a-service model becomes more popular, attackers are beginning to bribe employees into injecting malware into their companies’ networks as part of an insider attack.
Typically, a cyber gang will contact an employee to offer them a large amount of money to download a malicious email attachment that will grant access to an organisation's network. Then if the organisation pays the ransom, the attackers will give the employee a cut of the ransom.
These insider attacks are difficult to defend against because they are so hard to prove, and there aren’t any penalties that an organisation can impose on employees for being bad at spotting phishing emails.
In many attacks, cyber criminals use phishing emails to infect an endpoint with malware so they can gain a foothold in the network and spread ransomware throughout the entire environment.
Therefore, it's vital to educate employees on how to detect phishing emails with security awareness training and phishing simulations, so they don't inadvertently download a malicious email or attachment that spreads ransomware.
“As cyber criminals use ransomware-style attacks to steal protected information, organisations must move on from traditional approaches to ransomware protection and focus on prevention.
This should start with educating employees on the latest threats so that there's less chance of them making a mistake and downloading an attachment that puts their organisation and its data in a lose-lose situation,” said Integrity360’s Chief Technology Officer Richard Ford.