With high profile attacks like the Colonial pipeline attack, ransomware is as big a threat as ever, and there’s no end in sight. Many organizations are facing ransomware infections in spite of upgrading security practices— a sign that ransomware hackers are adapting.
By keeping up to date with the methods used by hackers, you can minimize your risk of an infection. This is a never-ending arms race, and unfortunately, it looks like continuous cybersecurity upgrades at every level of an organization will have to be part of the “new normal.”
This article will give you some background on the development of ransomware, the latest methods hackers are using to extort money from victims, and how you can protect yourself and your company.
A Brief History of Ransomware
The first wave of ransomware attacks generally aimed to paralyze a company’s operations by encrypting all of their files. The hackers then demanded payment in exchange for a decryption key. If your data was more valuable than the cost of the ransom demand, it made sense to pay it, and many companies did.
Flush with cash, hackers reinvested their profits into expanding and upgrading their capabilities. A number of ransomware-as-a-service (RaaS) operations sprung into existence, developing specialized malware capable of evading antivirus software and subcontracting out the dirty work of breaking into networks.
Backups were a natural first line of defense from this type of extortion. If you had a recent copy of your data, you could just restore your network from uncorrupted backups and tell the hackers to take a hike.
In response to many companies taking this approach, hackers began putting in extra effort to find and encrypt backups before demanding a ransom. As more and more organizations adopt more complex, air-gapped backup strategies, however, even this is not working as well as it used to.
Leveraging Data Leaks
In response to improved backup practices, ransomware hackers are increasingly reliant on using stolen data to pressure victims into paying ransoms. Even if you can restore all your data from backups, once hackers have their hands on your data, there are a number of ways they can make your life miserable.
The most obvious is by threatening to release sensitive data to the public. The average cost of a data breach was around $3.8 million in 2020, so it’s easy to see why companies would be willing to pay a ransom rather than deal with one.
The cost of data breaches is much higher in the healthcare sector, and as a result, there has been an increase in ransomware attacks targeting healthcare providers. In one case, hackers intentionally targeted a Finnish psychotherapy provider with more than 40,000 patients, knowing how sensitive the data in patient case files would be.
Some ransomware gangs have made moves to automate data leaks, simultaneously striking dozens of companies and then automatically publishing data on the dark web if their demands are not met.
Hackers are also leveraging other forms of harassment to enhance their extortion techniques. One is to combine denial of service (DDoS) attacks with threatened data leaks to put additional pressure on victims. Especially when it comes to businesses with online revenue streams, having a website shut down by a DDoS attack can translate to serious
Another is to directly contact a company’s customers to announce to them that their data has been leaked. In this way, it might not only be the hackers demanding payment, but angry customers calling you up demanding you keep their data private.
This sordid state of affairs underscores the importance of keeping data safe. Of course, the first line of defense is to prevent unauthorized access to your network, but it’s not always possible to foresee all vulnerabilities. When it comes to data security, it’s very much necessary to “hope for the best, prepare for the worst.”
There are lots of good guides on how to prevent attackers from gaining access to your system, but in the event that they get past your first line of defenses, there’s a few simple steps that can dramatically reduce the risk of a catastrophic data leak.
- If you don’t already use strong encryption on your file systems, you should. This goes especially for any sensitive data. Even if attackers gain access to data through a backdoor, it will be useless to them without the encryption key, which should only be accessible to whitelisted applications and protected with other security measures like multi-factor authentication.
- Multi-factor authentication. Multi-factor authentication (MFA) requires entering additional information, such as a fingerprint scan or a code from another device, along with a password.
- Implement advanced access control. Sensitive customer data should have additional layers of protection, and no one in your company should have access to any data that they don’t absolutely need for their work. Gaining full access to a network often requires multiple steps.By structuring your data into multiple security tiers protected with encryption, multi-factor authentication, and strong passwords, you make life much harder for cyber extortionists.
If your company’s business model is heavily reliant on web services, it may also be worth contracting a DDoS protection service. Many such services exist, offering a range of different features at different price points. A few options are listed here.
Keep Ahead of the Game
The world has changed. Love it or hate it, the emergence of cryptocurrencies like Bitcoin has given hackers many new ways to make money, and there’s no going back.
It’s far preferable to preempt threats by monitoring developments in the ransomware space than to wait until you get hit to improve security. Ransomware hackers have proven to be highly resilient and adaptive, so updating security practices and training employees about risks needs to become a routine part of every business’s operations, just like cleaning the office or conducting audits.
This also represents our best hope for putting an end to ransomware. If we all improve our security practices, ransomware will become less profitable for hackers, and they’ll be forced to seek other ways to make a living. So improving security awareness and practices is not just good for your business— it’s good for everyone.