What’s New in Ransomware & How to Avoid an Attack

Pete Hoff

While ransomware can be extremely destructive, there have also been some fascinating, if not slightly amusing, use cases. For example, seven years ago, hackers demonstrated ransomware for IoT thermostats, and a drone hacked smart lightbulbs from outside the window. Much more recently, court systems throughout Kansas will likely operate on paper for at least 2 weeks, possibly due to a ransomware attack.

We’ll take a look at other recent developments in the world of ransomware, along with how to avoid having your organization fall victim.

Reduced Payments to Attackers

The US government is urging other countries to commit to not making ransom payments to hackers. As written in Pymnts, “By encouraging nations to commit to this stance, the U.S. aims to create a united front against ransomware attacks, emphasizing the importance of not rewarding cybercriminals for their actions.”

These recent efforts to reduce payments to attackers may be part of a growing trend. Ransomware payments dropped from $766 million in 2021 to $457 million in 2022, according to research from Chainalysis published in January 2023. Chainalysis wrote, “We have to caveat these findings by noting that the true totals are much higher… Still, the trend is clear: Ransomware payments are significantly down.” The research firm attributes much of the drastic drop-off to victims refusing to pay.

Ransomware Remains in Vogue

Decreasing payments aren’t yet putting a damper on attackers’ efforts. According to research from cybersecurity firm Fortinet, over 10,000 new ransomware variants were active in the first half of 2022, an increase of nearly 100% compared to the previous six-month period. Fortinet attributes this growth mainly to Ransomware-as-a-Service (RaaS) becoming increasingly popular on the dark web. Another recent report from Vade Secure found that phishing attacks rose by 173% in the third quarter of 2023, while malware threats have increased by 110%.

The Wall Street Journal reported that ransomware is back in vogue, with insurers saying ransom-related claims rose sharply in the first half of 2023. “In vogue,” as if we’re discussing the cut of jeans, from flare to skinny to bootcut and back again!

Disruptive Cyber Attacks are Prevalent

90% of respondents to Splunk’s CISO research, published October 2023, reported their organization experienced at least one disruptive cyber attack last year. Additionally, 35% of respondents are already experimenting with generative AI for cyber defense, including malware analysis, workflow automation, and risk scoring.

70% of CISOs believe generative AI could give cyber adversaries more opportunities to commit attacks. Frankly, that 70% seems quite low to me. I find it hard to imagine believing cyber attackers are not going to be able to leverage AI in some ways. While code-generating AI solutions have attempted to reduce code generation for hacking, they're falling incredibly short of eliminating the practice. Hackers are resourceful, and it shows with the increases in malware and ransomware.

Vital Steps to Avoid Ransomware Attacks

Regardless of any global efforts to stop payments to make ransomware less lucrative, IT professionals must be prepared and work to avoid ransomware attacks. Proper security configuration can reduce:

  • The chance of being infected
  • Spread of malware throughout your organization
  • Impacts of the infection

First and foremost, use a good anti-malware solution. Google provides strong protection in their Google Workspace Gmail and Drive storage solutions. Each endpoint needs to be protected as well.

The second very important protection component is frequent backup so that your organization is able to recover lost data if hit with ransomware. As described by the UK National Cyber Security Centre (NCSC), “There are two main ways to back up:

  1. by saving copies to physically disconnected backup storage that you are entirely responsible for managing
  2. by saving copies to a cloud-based backup service that handles some of this responsibility for you”

Google Drive with Vault can recover files from the last 30 days within specific parameters. However, each file must be recovered individually, and the process can be lengthy. The only solid recovery option is an isolated backup solution that will back up your data to a secondary, secure storage location. Ensure that your business is backing up important files daily.

Of course, attackers have access to the same best practices guidance as security pros, so they specifically target backups. The NCSC lists 5 guiding principles, starting with, “Backups should be resilient to destructive actions,” and “A backup system should be configured so that it isn’t possible to deny all customer access.”

Wursta Business Continuity Services

Wursta designs and executes business continuity, backup, and disaster recovery plans so you can quickly resume operations in the event of a disaster, meeting your SLAs and complying with regulations. Whether you currently have no backups, NAS-based solutions, VMware snapshots, or any other type of solution, Wursta can help you meet your recovery time objectives (RTO) and recovery point objectives (RPO).