High-profile ransomware attacks on Colonial Pipeline, the Washington DC Metropolitan Police and meatpacking company JBS underscore a trend. Data from 21 notorious ransomware groups shows that ransomware attacks doubled in the first half of 2021 and show no sign of slowing. 1
Cyberattacks that use malware to lock people out of their data unless they pay a ransom, also known as ransomware, are exploding across the world. And unfortunately, many large and small organizations are unable to stop an attack or recover quickly.
Why is ransomware growing so fast? Simply put, it’s easy money. It’s a relatively low-risk way for financially motivated groups to extort millions of dollars from organizations globally. 2
Another driver is the notion of ‘ransomware as a service,’ which is where a ransomware group will lease out their malware and infrastructure to other criminals in exchange for a percentage of any ransom paid.
This drastically lowers the barrier to entry. Cybercriminals no longer need to develop their own ransomware; they can just hire another group’s capability.
So, there’s a whole cybercriminal economy that has evolved around ransomware with potentially millions of dollars up for grabs, and this has been a key driver in the surge of attacks.
It’s all about the payday
“Often ransomware isn’t the first piece of malware that a victim organization receives,” says Brett Wallace, Head of Cybersecurity Operations at JPMorgan Chase. Usually, an unwitting employee is first induced to download malicious software that grants an attacker access to the network.
Once a hacker has access, they move through the network gathering information to understand what the organization does and how much revenue it generates. This information is used to set the ransom amount. “Different businesses are asked to pay different amounts based on their revenue. These groups are smart about that. They do their homework,” says Wallace.
Then, information is often stolen from the network before ransomware is finally deployed. A typical business cannot go long without the ability to access business or customer data, and the attackers usually apply further pressure by threatening to publish the data they stole. Out of desperation, owners often pay.
But it’s how they pay that’s the real gamechanger.
Other attempts at online theft bring in less or take more work. If a hacker steals credit card numbers, they can sell them or use them, but the value of those numbers is limited and credit card fraud is often detected quickly. Large bank withdrawals or transfers are risky because they’re often flagged and the transaction cancelled. Hacks that require social engineering rely on employees to carry out orders or make approvals that take time and could look suspicious.
The beauty of ransomware, from a hacker’s point of view, is that it requires direct payment. And that payment is usually made using a cryptocurrency such as Bitcoin. “Cryptocurrency is the enabler that allows ransomware attacks to increase their size and scale,” says Wallace. “For law enforcement interested in tracking or following the money, it’s a shell game.” You send the money and it can disappear into the internet.
What can you do to prevent an attack?
“No industry is immune. Everyone who has an online presence and is connected to the internet is a potential victim,” says Wallace.
The good news? Basic cybersecurity practices continue to be effective for organizations of any size. In particular, Wallace believes that focusing on three layers of protection will significantly reduce your risk:
1. Multifactor authentication
A ‘factor’ in authentication speak is just a way of confirming your identity when you try to sign in to an account. The three most common types of factors are something you know (like a password), something you have (like a smartphone or one-time passcode generator) or something unique to you (such as biometric data, e.g., a fingerprint). Multifactor authentication is the practice of using more than one factor. So, even if a hacker steals a password, they still can’t gain access to your accounts without an additional authentication factor — which they are unlikely to possess.
2. Vulnerability management
Exploiting software bugs, known as vulnerabilities, on internet-facing devices is the easiest way for hackers to enter your network. Investing in a capability to identify vulnerabilities in your technology and remediating them promptly will significantly reduce the risk of compromise.
3. Employee awareness
Even with the best technology in place to prevent attacks, it can all be undone […]
Source: How to help protect your business from one of today’s biggest cyberthreats