Ransomware attacks encrypt all of the victims’ data on the targeted network and demand payment in exchange for the decryption key. A report from F-Secure claims that, according to cybersecurity professionals, the attacks have grown more vicious than ever.
F-Secure’s Attack Landscape report, updated for the first half of 2021, states that about 15 ransomware families are adopting the “Ransomware 2.0” approach, up from just one in early 2019. Ransomware 2.0 includes data theft in addition to encryption.
Cybercriminals opting for Ransomware 2.0 steal as many sensitive files as possible and threaten to publish the information online unless their demands are met. This approach emerged because of the increasing use of backup solutions: businesses started restoring their data and stopped paying the ransom.
The F-Secure report also said that almost 40% of ransomware families discovered in 2020, as well as various older ones, seize data from victims.
“Organizations with reliable backups and effective restoration procedures are in a strong position to recover from a ransomware attack without having to pay. However, managing a potential data leak is a dramatically different challenge, especially for organizations that possess confidential information,” explained Calvin Gan, a Senior Manager with F-Secure’s Tactical Defense Unit.
“Ransomware actors, current and future, will likely feel emboldened to try new things and jump on vulnerabilities faster, which we already see with the recent MS Exchange vulnerabilities.”
Paying The Ransom
Organizations should never pay the ransom, according to experts and law enforcement agencies, including the FBI. Paying the ransom never guarantees that the victim will get their data back, and in many cases they never do. Paying up also doesn’t guarantee that another cybercriminal (or even the same one) will not attack the victim again soon.
Instead, organizations are encouraged to set up a solid backup solution alongside robust cybersecurity tools, and to teach their employees and managers about the dangers of malware, phishing, and ransomware.
Ransomware attacks have become more robust and lucrative than ever before, to such an extent that advanced cybercriminal groups have switched to ransomware over their traditional forms of crime, and it is likely to become even more dominant in 2021.
For example, what if ransomware gangs could attack many different organizations at once in a coordinated attack? It would offer an opportunity to illicitly make a large amount of money in a short amount of time. One way malicious hackers could attempt to do this is by compromising cloud services with ransomware.
“The next thing we are going to see is probably more of a focus on cloud. Because everyone is moving to cloud, COVID-19 has accelerated many organizations’ cloud deployments, so most organizations have data stored in the cloud,” says Andrew Rose, resident CISO at Proofpoint.
We saw a taster of the widespread disruption that can be caused when cybercriminals targeted smartwatch and wearable manufacturer Garmin. The ransomware attack left users around the globe without access to its services for days.
If criminals could gain access to multiple organizations’ cloud services and encrypt those, it would cause widespread disruption to many organizations at once. And it is entirely possible that in this scenario, cybercriminals might demand millions of dollars in extortion fees because of what’s at stake.
The destructive nature of ransomware could also see it exploited by hacking operations that aren’t purely motivated by money.
The first instance of this was in 2017, when NotPetya took down organizations worldwide and cost billions in damages. The attack was designed to look like ransomware; in reality, the malware was intended for destruction, as there wasn’t even a way of paying the demanded ransom.
NotPetya was associated with the Russian military, and it is likely that the idea of using ransomware as a genuinely devastating cyberattack hasn’t gone unnoticed by other states. For a government or armed force that doesn’t want its enemy to know who is behind a catastrophic malware attack, posing as cybercriminals could become a valuable means of deception.
“We have already seen a precedent that’s been set by nation-state actors who have used this, but what if they take it to the next step? The destructive capabilities of ransomware are certainly appealing to malicious espionage actors, and they may use it to cause disruption,” says Sandra Joyce, senior vice president of global intelligence at FireEye.
“So as we continue to see ransomware in the criminal underground continue to rise, we need to be mindful of the fact that nation-states are watching and could take it on as their weapon of choice,” she adds.
Ransomware will continue to be a major threat, but organizations can help protect themselves from it by applying some relatively simple cybersecurity practices.
Organizations should ensure that they have a well-managed plan to apply cybersecurity patches and other updates. These patches are often released because software firms have become aware of vulnerabilities in their products, which cybercriminals commonly exploit. Applying the patch promptly prevents hackers from using these vulnerabilities to break into the network.
One of the other techniques cybercriminals use to gain entry to networks is to take advantage of weak passwords, either by guessing common or default passwords or buying them on the dark web.
To prevent this, organizations need to encourage their employees to use more complex passwords and to protect their accounts with multi-factor authentication. With that in place, an intruder who manages to crack an employee’s login credentials would still find it nearly impossible to use them to reach files on the network.
Organizations should also ensure that they are prepared in case they do fall victim to a ransomware attack. Creating regular backups of the network and storing them offline, away from your network, means that if the worst happens and your network is encrypted by ransomware, it’s possible to restore it from a relatively recent restore point, and without giving in to the demands of cybercriminals.
Because ultimately, if cybercriminals do not make money from ransomware, they might not be interested in conducting campaigns anymore.