Ransomware: A growing threat for businesses, organizations

January 12, 2023

The cyber-security landscape is filled with potential hazards – viruses, phishing attacks, email compromises, spyware and of course ransomware.

Most experts agree ransomware is one of the greatest cyber threats facing organizations, both large and small. 

A recent study estimated that between 2019 and 2020, there was an almost 200% increase in ransomware attacks.

In fact, due to their relative success, cybercriminals have adapted their techniques to put more and more pressure on organizations in an effort to make them pay.

As attackers exploit fears of financial or reputational harm, the cost of ransomware attacks continues to increase.

In its “Cost of a Data Breach Report 2021,” IBM reported that ransomware breaches cost organizations an average of $4.62 million – not including the ransom paid, if any.

This figure includes expenditures related to detection and escalation, notification, post-breach response and lost business.

What is ransomware?
Ransomware is a type of malware, a general term that refers to any type of malicious software.

Malware can take many forms and can be used to attack a single computer, network server or website.

Ransomware is perhaps one of the most infamous kinds of malware.

It can be deployed by individual actors, or by organized groups and cartels.

Ransomware attacks succeed either by exploiting vulnerabilities within a network or when a user downloads a “trojan” file.
As a result, system files are encrypted, preventing their use or access.

The attacker demands payment to decrypt the files, hence the term “ransomware.”

But, as the saying goes, there is no honor among thieves.

Even if an organization complies with the demands of the attacker, there is no guarantee the cybercriminals will restore the files after the ransom is paid.

Some ransomware groups have begun employing “double-extortion” tactics.

Recent cases involve the attackers leaking stolen data to cause further harm to the targeted organization, or even selling data to other criminals who then can re-victimize the organization. An even more insidious tactic involves “triple-extortion,” which adds the threat of a Distributed Denial of Service (DDoS) attack.

DDoS attacks involve sending large amounts of traffic from multiple sources to a server or website, with the intent of overwhelming it, resulting in denying access to legitimate users.

This means, even with the ability to recover data from a backup, organizations are still susceptible to extortion threats.
The constant evolution of cybercriminals’ tactics also means those with even rudimentary computer skills can carry out a ransomware attack.

A relatively new development is something referred to as Ransomware-as-a-Service (RaaS) – a type of “pay-for-play” malware that can be purchased on the Dark Web.

Similar to legitimate Software as a Service (SaaS) enterprises (e.g. Office 365, Google Docs, Dropbox, etc.), RaaS applications allow cybercriminals – who lack the technical skills or time to develop their own malware – to purchase ransomware tools that have already been developed.

Typically, the RaaS “vendor” gets paid through subscription or licensing fees, or by sharing the ransom paid by the victims.
Some of the most recent examples of RaaS attacks include: DarkSide, REvil and LockBit.

In May 2021, Colonial Pipeline was targeted by DarkSide ransomware, resulting in the pipeline being shut down for almost a week – the company reportedly paid a $4.4 million ransom.

While ransomware attacks threaten many different business sectors, the industrial goods and services sector was the most targeted industry in 2021.

Government, education and healthcare also top the list of most targeted sectors.

How it happens
So, how does an organization get infected with ransomware? 

There are many attack vectors that have been deployed by cybercriminals to successfully deliver ransomware – social engineering, phishing emails and software vulnerabilities are a few.

Drive-by downloading, in which a user visits an infected website and unknowingly downloads malware, is also a popular delivery method. More recently, ransomware attacks have evolved to leverage an organization’s reliance on remote access applications.

Cybercriminals can exploit vulnerabilities in Virtual Private Network (VPN) clients or use compromised login credentials to access systems using Remote Desktop Protocol (RDP).

Proactive prevention
Developing a comprehensive strategy to prevent ransomware attacks requires a multi-faceted approach, beginning with employees.

Human behavior is often the weakest link in any cybersecurity threat – therefore, a robust education program that teaches employees how to identify potential threats, strategies to mitigate risk and what to do if a suspected attack occurs is a vital first line of defense.

Implementing strong endpoint security is another component of managing the risk of ransomware – limiting remote access, replacing VPNs with Zero Trust Network Access (ZTNA), utilizing multi-factor authentication and having a strong firewall are all recommended strategies.

Finally, consider actions that safeguard your data – including staying current with security patches and updates, taking steps to segment your network and performing regular and frequent data back-ups.

Data can be further protected by creating multiple back-ups and storing them in different, secure offsite locations.

It is also a good idea for organizations to periodically review and test their recovery process.

Recovering after a ransomware attack can be difficult and expensive. 

As these threats evolve, cybercriminals are leveraging the cost of these attacks to demand higher ransoms and threaten data exfiltration, along with encryption.

By prioritizing employee awareness and data security, organizations can significantly mitigate the risks posed by these attacks. 
As a final note, the FBI strongly recommends against paying a ransom.

There is little evidence to support a correlation between paying and mitigating financial or reputational damage, plus there may be legal ramifications related to paying criminal entities.

If your organization is the victim of a ransomware attack, you are strongly encouraged to seek outside assistance, either from law enforcement or cybersecurity experts.

Detective Eric Edson is a 29-year veteran of the Sheboygan Police Department. In his role, Edson is responsible for investigating major crimes, which include financial crimes and fraud.

TBN