Ransomware: the new digital pandemic-October 2021

Simon Roe at Outpost24 shares his insights on why the ransomware threat is growing and how to protect your organisation from it

Just like COVID-19, the ransomware pandemic continues to be a major threat to society, with no guaranteed cure in sight. It is a threat that world leaders are taking serious notice of. The British and American governments have set up the Ransomware Taskforce (RTF) to advise businesses on how to be better able to manage this national security crisis.

With ransom paid by victims soaring by 311% to $350 million, in recent years ransomware has grown from a relatively unknown nuisance to a multibillion-dollar industry. But despite industry and government warnings, many businesses are ill prepared to deal with the ransomware threat.

How has ransomware become so efficient and deadly?

Ransomware-as-a-Service

One of the main drivers of ransomware is the growing popularity of ransomware-as-a-service (RaaS). This is a subscription-based business model that lowers the threshold for any cyber-criminals wanting to get into the ransomware business.

Similar to Software as a Service (SaaS), RaaS groups allow cyber-criminals to purchase ransomware kits for a fee so that they can execute their own ransomware attacks. In essence this is franchising cyber-crime. Some of the best-known groups include Ragnarok, DoppelPaymer, Nefilim, Maze, and Sodinokibi – names that you might have seen in the headlines for all the wrong reasons.

Ransomware is an effective attack method and relatively cheap to deploy. Some kits can cost as little as $20 meaning the return on investment is high. This attracts a vast array of criminal talent.

It’s not just the ransomware attackers who benefit. The ransomware kit developers earn a percentage of the ransomware payment if it is successful. For example, the REvil group operates a RaaS model where affiliates and ransomware developers share the proceeds from the ransom. The REvil RaaS was utilized in the July 2021 Kaseya attack, which affected at least 1,500 organizations.

In addition, RaaS distributors also benefit. They often receive a higher proportion of the payment than the malware developers, allowing them to profit from the distribution of pay-for-use malware without getting their hands dirty.

RaaS gangs and access brokers partner up

Another worrying trend is the emergence of Initial Access Brokers (IABs). These profit from the sale of remote unauthorised access into business networks. Using brute-forcing techniques and credential-stealing malware, IABs obtain access to a business’ infrastructure and then sell access information and tools so that others, such as ransomware attackers, can perform intrusions via exploits and vulnerabilities.

Leveraging advanced techniques, these access brokers detect and scan vulnerable systems. Between the ransomware groups and the IABs there is a dangerous partnership emerging that will only serve to intensify the risk for unsecured and vulnerable businesses.

Three ways to mitigate ransomware

Hackers will look for exploitable weaknesses in a range of areas including outdated software, system vulnerabilities, shadow endpoints, misconfigurations, and lax security and user controls. Businesses must focus on raising cyber hygiene to the highest standards.

And while no one is 100% safe from ransomware, there are a number of steps that business can follow to ensure the possibility and impact of suffering an attack is kept to a minimum.

1.      Measure often and remediate what’s important

Conducting business operations safely and securely has proved difficult as the digital footprint of people and organisations has expanded. It’s essential to scan your business networks continuously against common vulnerabilities and exposures (CVEs) as exploiting these is easy for cyber-criminals.

Attackers can use any security exposure in your technology layer to infiltrate your systems. Therefore companies must think beyond point assessments of devices, networks, applications, and users. Instead they must generate a complete view of their attack surface. If any gaps are identified, they should leverage threat intelligence to prioritize patching efforts. This will ensure that the most dangerous CVEs are remediated first, efficiently reducing the organisation’s risk.

2.      Protect your users

As the cost of a successful ransomware attack hits an average of $2 million, it’s all too easy to lay the blame on the victim. Many ransomware attacks use social engineering tactics to trick unguarded employees into clicking on malicious links. It’s key to maintain a high level of security awareness among employees through regular training. Turning your staff into the first line of defence and providing the tools and process they need to safeguard their credentials must be an integral part of your security protocols.

3.      Prepare for the worst

Business leaders must proactively sharpen their security focus while also having plans and processes in place to survive a ransomware attack. The reality is suffering a cyber-attack has become a matter of when and no business wants to have operations brought to a halt, or worse, a data breach. Ensuring robust data backup and recovery plans is essential.

Simon Roe is product manager at Outpost24

Main image courtesy of iStockPhoto.com