Ransomware is one of the biggest threats to businesses. Experts expect more attacks and even greater damage in the coming year.
A company that falls victim to
a ransomware attack is quickly unable to conduct its business because cyber
criminals use malware to encrypt the network, rendering it inoperable.
The hackers block such networks
for one simple reason: it's the fastest, easiest way to extort money, and
they're unlikely to get caught. The attackers demand a ransom payment in
exchange for the decryption key for the files.
Extortion demands have
increased over the course of 2020, with ransomware gangs now regularly
demanding millions of dollars in Bitcoin from victims. The unfortunate
reality is that ransomware continues to thrive as a significant number of
victims give in to criminals' demands for extortion by paying the ransom.
Although police and
cybersecurity firms warn that businesses shouldn't pay to criminals, many feel
that this is the fastest and easiest way to restore their network and prevent
long-term economic damage - although it still causes many ongoing problems.
Ransomware gangs are
increasingly using a new tactic to force victims to pay: They threaten to
divulge the victim's stolen data, which means that sensitive company data or
personal information of customers and clients will eventually be made available
to other criminals.
“From the perspective of a
financially motivated criminals, ransomware remains the most lucrative type of cyberattack, especially if the victims are high-quality companies. In late
2020, cybercriminals will ramp up their attacks to maximize their financial
returns and increase the chances of getting paid, ”said Anna Chung,
cybersecurity threat research analyst for Unit 42 at Palo Alto Networks.
Ransomware attacks are more
powerful and lucrative than ever - to such an extent that advanced cybercriminal
groups have started using them on their traditional forms of crime - and it is
very likely that they will become even more prevalent in 2021.
For example, what if ransomware
gangs could attack many different organizations at the same time in a coordinated
attack? This would provide the opportunity to make lots of money illegally
in no time - and one way malicious hackers could try is to compromise cloud
services with ransomware.
“The next thing we'll see is
probably a bigger focus on the cloud. With everyone moving to the cloud,
COVID-19 has accelerated the cloud implementation of many organizations so that
most organizations have data stored in the cloud, "said Andrew Rose,
Resident CISO at Proofpoint.
We saw a foretaste of the extent of the far-reaching disruptions that can be caused when cybercriminals
attacked the smartwatch and wearable manufacturer Garmin with ransomware. The
attack resulted in users around the world not having access to the company's
services for days.
If criminals could gain access
to cloud services used by multiple companies and encrypt them, it would cause
widespread disruption to many companies at once. And it is quite possible
that ransomware gangs would demand tens of millions of euros in extortion money
in this scenario.
The destructive nature of
ransomware could also be exploited by hacking activities that are not only
motivated by money. The first example of this was in 2017 when NotPetya
networks caused billions in damage. While the attack was designed to look
like ransomware, in reality, the malware was designed for pure destruction as
there wasn't even a way to pay the ransom note.
Keep your data safe from ransomware. Pay for advanced antivirus software like Protegent Total Security, instead of paying for ransomware.
NotPetya has been attributed to
the Russian military and other nation-states have likely used the
same tactic. For a government or military that does not want the enemy to
know who is behind a destructive malware attack, posing as cybercriminals
could be a useful deception.
“We have already seen a the precedent set by nation-state actors who have used this, but what if they take
the next step? The destructive capabilities of ransomware are certainly
attractive to malicious actors and they could use them to cause disruption,
"said Sandra Joyce, senior vice president and head of global intelligence
at FireEye.
"As ransomware continues
to grow in the criminal underground, we need to be aware that nation-states can
watch this and use it as the weapon of their choice," she adds.
Ransomware will continue to
pose a major threat, but organizations can protect themselves from it by using
a small number of relatively simple cybersecurity practices.
You should ensure that you
implement cybersecurity patches and other updates on a timely basis and
quickly. These patches are often released because software companies have
become aware of known vulnerabilities in their products that could be exploited
by cybercriminals - applying the patch quickly and promptly prevents
malicious hackers from using it as a means of breaking into the network.
Another method cybercriminals
use to gain access to networks is by exploiting weak passwords, which they
either buy from dark web forums or can be obtained simply by guessing common or
standard passwords.
To prevent this from happening,
companies should encourage their employees to use more complex passwords. Login
should be done using the added security of multi-factor authentication, making
it more difficult for an intruder to gain access to a network.
Organizations should also
prepare for a ransomware attack and play through what could happen if they fall
victim to a ransomware attack. Regularly backing up the network and
storing it offline means that in the worst-case scenario, it is possible to
restore it from a relatively recent point - without giving in to
cybercriminals' demands.
Rely on the air gap, i.e. the
physical separation of network and backup. A magnetic tape stored in a
safe is safe from hackers. And under no circumstances should you pay a
ransom. Because when hacker gangs no longer earn money with ransomware,
they ultimately no longer have any interest in running campaigns.
No comments:
Post a Comment