RANSOMWARE – NEXT LEVEL MALWARE

You could say it was a trend simply waiting to happen. With the proliferation of networking, digital devices, online activity, Covid et al, the stage couldn’t have been more perfectly set for ransoms to evolve from hostages in the real world to data in the digital world. From an evolutionary point of view, also this is a step-up. Once purely intended by the malfeasant to corrupt an organization’s data, we now have an illegal commercialized business directed at destroying organizations, by crippling their market standing, investor confidence, and profitability.

Another type of malware

Ransomware is a type of malware [1] that typically encrypts files on an organization’s computers and servers, then exports the sensitive data from the encrypted systems as a “hostage.” Once the systems have been encrypted, a ransom is demanded, usually in the form of cryptocurrency, in exchange for a decryption key. Hostage organizations are threatened that failure to pay will result in confidential data being released or sold on the dark web.

Increasing trends

In 2021, the top three sectors in the US that were hit by Ransomware were the Industrial Goods and Services sector, the Education sector, and the Health sector. Even the US Government experienced attacks. And though Forbes [3] says there has been some slowdown in its growth of late, 2021 still registered a 62% increase in cases over 2020. Panda Security MediaCenter [9] says it is the 3rd most-used cyberattack method, accounting for 10% of all data breaches in 2021.

Perhaps 'alarming', is the word that adequately describes the phenomenal increase in attacks, costs and demands. Here's why:[9] 

• 80% of organizations experienced an attack in 2021, with experts saying an attack would take place every 11 seconds. (Claroty x Forbes)
• Globally, there were 304.7 million attacks in the first half of 2021, a 151% increase since 2020. (SonicWall)
• The advent of COVID-19 in March 2020 saw attacks surge by 148% in that month 
• The total cost of a breach attributable to it was an average of $4.62 million in 2021, not including ransom paid. (IBM)
• In 2021, lost business represented the largest share of data breach costs, averaging $1.59 million. 
• Total ransom demands across all families averaged $847,344 in 2020. (Bloomberg)
• The average ransom demand in 2021 went from $450,000 to $1.2 million per claim [2]

Wide-reaching consequences

The consequences of attacks go far beyond financial disruptions. The loss, corruption or unauthorized distribution of its data can cripple an organization, completely wiping out its market value, shattering investor confidence, and ultimately leading to bankruptcy. There would also be impacts on the organization’s operations and setbacks for senior personnel.

The reasons for the increasing incidence

• The incidence and rise in the number of attacks could be attributed to several factors. 
• Increasing online activity including e-commerce using a plethora of apps
• High usage of IoT devices especially mobile phones interacting at the edge [10]
• Evolution of cryptocurrency 
• Proliferation of cloud infrastructure allowing attacks from across the globe, with little fear of easy discovery and extradition
• Lack of awareness of security protocols and poor security measures in most organizations
• The incidence of Covid 19, and the resultant increase in WFH scenarios
• The commercialization of Ransomware-as-a-Service (RaaS)

The evolution of RaaS

With the fortunes of entire organizations as an incentive, Ransomware evolved to the next level with RaaS providers franchising their disguised encryption tools to attackers, for a percentage of the ransom collected.  Available in a variety of subscription-based models, affiliates can purchase packages, ranging from one month [4] for £90 to more elite packages for £1400.

RaaS numbers are also showing increasing trends. 157 families were discovered in 2021, up by 26% since the earlier year. Gartner [6] says: “Ransomware families have grown by more than 700% since 2016.” It’s being seen as doubly attractive as it offers attackers the possibility of extorting twice – once for return of the stolen data and secondly for sale to willing buyers.

How organizations are coping 

The awareness is certainly there. Gartner says that the threat of “new models” was the top concern facing executives in the third quarter of 2021. [5]

There has been mixed responses to the demands made by attackers. In 2020, 68% of U.S. organizations paid the ransom for an attack in 2020 (Statista). But there was a considerable drop in 2021 with 32% of victims paying the ransom in 2021 (Cloudwards). [9]

Yet paying the ransom is not a guarantee for resolution of the loss, as statistics show. Sophos research indicates that only one in 10 companies that paid the ransom got all of their data back [1]. Studies show that only 65% of an average of the data is restored [3], thus making it very costly in terms of remediation costs (up 10 times in 2021 from the previous year), business downtime, lost orders, and operational costs [4]. 

What organizations should do

While the feeling that ransoms should not be entertained, if only because the likelihood of total recovery is limited, Gartner [6] says organizations should take the following measures to effectively pre-empt a crisis from arising.

• Carry out regular vulnerability scanning
• Concentrate on patch-oriented security practices and system hardening. 
• Limit exposure by disabling nonessential and unused services 
• Increase vigilance and educate end users 
• Install the latest updates for operating systems and security toolsets
• Back up copies of your files repeatedly using Cloud-based services and on different media
• Implement privileged access management solutions where appropriate.
• Use the latest endpoint and network detection technologies to react faster
• Deploy web application firewalls to remove web server vulnerabilities.

What lies ahead.

It is widely expected that the remaining part of 2022 will continue to witness attacks, with even entry-level cybercriminals attempting to cash in on the boom. The double extortion possibility is only fuelling ambitions. 

Yet organizations themselves are now coming together to counter the threat. A new coalition called the #RansomAware is garnering increasing support as industry members look to share their experiences and best practices in the field.

Gartner’s prediction [4] that Governments will play a greater part in reducing cyber threats over the next few years through enacting legislation is already coming true. The Securities and Exchange Commission [8] for example is set to introduce a new legislation covering cybersecurity reporting practices. 

As RaaS continues to gather momentum, perhaps the small start made to counter its growing menace augurs well for the future. Yet in technical terms, fighting fire with fire seems the best solution. Endpoint Detection systems, ramped-up internal awareness, identity access management, server firewalls, Zero-Trust Architecture and enterprise-grade cybersecurity remains the best bet.

References

1. The Destructive Rise Of Ransomware-As-A-Service (forbes.com)

2. The Rise Of Ransomware: What Communication Executives Need To Know (forbes.com)

3. With Ransomware Costs On The Rise, Organizations Must Be More Proactive (forbes.com)

4. The Rise Of RaaS (forbes.com)

5. Gartner Says Threat of New Ransomware Models is the Top Emerging Risk Facing Organizations

6. Protect Your Organization From Cyber And Ransomware Attacks (gartner.com)

7. Gartner: Paying after ransomware attacks carries big risks (techtarget.com)

8. Securities and Exchange Commission to introduce new Cybersecurity Disclosure rules | Aurora (aurorait.com)

9. 73 Ransomware Statistics Vital for Security in 2022 - Panda Security Mediacenter

10. Edge Computing Security in an Expanding Cybersecurity Landscape | Aurora (aurorait.com)