Why Ransomware Isn’t Going Away Anytime Soon

2019 was an extremely successful year for ransomware, rife with attacks and many high-profile victims. Of all the cyberthreats, ransomware proved to be the most devastating.

In the UK, it was reported by the government’s Cyber Security Breach Survey that 27% of businesses and 18% of charities were hit by a ransomware attack, with the healthcare industry being hit the hardest by this style of attack. In the U.S., the situation was even worse—a recent report by Emsisoft Malware Lab suggests at least 103 government agencies, 759 healthcare providers, and 86 universities, colleges and school districts were held hostage by ransomware last year. Once infected by ransomware, organizations could pay into the millions to get their systems restored.

In the past, ransomware did one thing: make someone’s computer useless by encrypting everything on it. The only way to get the information back was by paying the attacker a fee (usually in Bitcoin) to get a decryption key to reverse the encryption. Fast-forward to today, where new uses and types of ransomware have emerged.

There are three clear trends in ransomware attacks:

Shift to Digital Extortion

Ransomware has proven to be a very effective business model for organized crime and they have no incentive to stop. It’s been so profitable that we can now see a clear shift in what ransomware does. If organizations paying to get all their information back is lucrative, then it’s even more lucrative for criminals to target and extort organizations that want to keep their data safe and not see that data exposed to the outside world. As part of the ransomware attacks, there is now an element where criminals are downloading copies of the files being encrypted and then threatening to release them if the ransom isn’t paid.

Raj Samani, chief scientist at McAfee, summed up the situation best: “We use the term ransomware, yet the evolution of some of the recent variants have deviated so much that a more appropriate term is digital extortion. Recently, for example, the threat to release data represents not only reputational damage to victims but the threat of the regulatory penalties. This evolution, when combined with the threat of disabling key systems, is done with the sole purpose of encouraging payment.”

If one thing is clear about ransomware, it is that it is not going away anytime soon. It’s simply too profitable and effective.

Ransomware Attacks Will Be Used for Non-Financial Aims

Last year, we saw a devastating new ransomware called NotPetya that resulted in significant financial loss. What made NotPetya different from previous ransomware attacks was the aim. The ultimate goal wasn’t to extort any ransom or earn money for criminal gain but to wipe out all the information held on the target systems forever. It initially targeted Ukraine and then spread rapidly to other countries. It is widely suspected that the attack was born out of a desire by the Russian government to disrupt the Ukrainian government, which it did very effectively by taking down thousands of government computers and businesses in the country. If this suspicion is credible, then this was cyber warfare in action—a government using cyber techniques to cause damage to an adversary. Considering how effective the attack was, the approach can be expected to be used again.

Expect Ransomware Attacks to Become Easier to Launch

Gone are the days when technical know-how was needed to execute ransomware attacks. Today, any novice with little technical skill can purchase ransomware as a service (RaaS), a subscription-based malicious model. Cybercriminals write ransomware code and sell it to other cybercriminals, who can then launch their own attacks with little preparation. Once the attack is successful, the ransom money is divided between the provider and the attacker.

What Can You Do About Ransomware?

Here are some suggestions:

  1. Prepare to limit the impact or avoid ransomware altogether. Remember, it’s all about the backups, backups, backups! If you do not have backups, it really is game over. You will be at the mercy of the attackers to get your information back. Network segmentation and continuous monitoring are essential.
  2. Maintain good baseline cybersecurity hygiene practices. This means activities such as keeping computers up to date with patches to protect against unknown vulnerabilities. Deploy role-based and least-privilege access controls, as well as multi-factor authentication policies to prevent access via admin credentials. Put in place security awareness programs and make sure they run continuously.
  3. If you are attacked by ransomware, see if there is a decryption tool already available. NO MORE RANSOM! is a project that releases decryption keys for many of the more common ransomware attacks. Call in a reputable cybersecurity partner to help you get through this process.
  4. Understand that having your systems brought down by ransomware is only the first phase. Once you recover your data, it is most likely that your data has been stolen. This has now become a data breach and could trigger hefty fines under regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

While we aren’t certain what is ahead in the remainder of 2020, what we do know is that cybercriminals are increasingly targeting businesses with ransomware instead of consumers for a bigger payout. Organizations in fields such as education and health care, which often have a weak cybersecurity infrastructure and more sensitive data, will be a big target for attackers who aim to encrypt business-critical data and demand a high ransom.

So in summary, ransomware is a big deal that, if successful, can threaten an organization’s financial or reputational livelihood. Organizations must have cybersecurity fundamentals in place if they are to stand a chance at avoiding an attack and potentially costly consequences.


Todd Wade

Todd Wade is a Principal Consultant at CRMG and senior technology leader, having served as CTO at Skechers, a major retail presence globally. Todd brings a fresh perspective to the world of cybersecurity and risk, being able to apply the Senior Executive’s lens to fundamental cyber risk management concepts.
