Ransomware attacks have been around for some time. Nowadays, though, malware attacks that threaten to publish a victim’s personal data or permanently block access unless a ransom is paid are becoming more prolific – and brazen. How so?
Ransomware has become more sophisticated
For one, criminals are getting more sophisticated. One thing they’re doing is focusing on a wider attack radius. Supply chain attacks, for instance, have hit dozens of managed service providers at the same time.
What’s more, hackers are going for two bites of the apple. It’s a practice called double extortion. Attackers exfiltrate data to a separate location, so that they can use the data for other purposes, e.g., public leaks.
If this sounds like an organized business, that’s because it is. Double extortion almost ensures that criminals turn a profit, according to security experts, because firms now have even greater incentive to pay up as they face economic and reputational pressures from a leak.
Often that’s because the criminals themselves are acting more strategically than opportunistically – not just scouting out the best victims but also the best methods.
Spear phishing, for instance, has long been one of the primary means for distributing ransomware. But now hackers are also exploiting vulnerabilities, e.g., in VPN concentrators.
Ransomware as a service
These moves all speak to the rise of Ransomware as a service, or RaaS.
RaaS is exactly what it sounds like: pay-for-use malware that obviates the need for individual attackers to write their own ransomware code and/or run their own set of activities.
Instead, a platform with ransomware code and operational infrastructure is made available. Criminals need only launch and maintain their own campaigns.
Ransomware has lasting consequences
Scary stuff. And scarier still because these attacks have lasting consequences.
A New Year’s Eve ransomware attack on the currency exchange service Travelex forced the firm to go into administration. All told, 1,300 jobs were lost.
In the U.S., the city of Portland lost USD 1.4 million in public funds when hit by cybercriminals.
Although a million dollars might not seem like a lot, the city also faces drastically higher insurance premiums. According to reporting, the city saw its annual premiums jump over USD 100 thousand after the attack.
What then can be done? Organizations will have to step up if they hope to outrun enterprising criminals. Some measures they can implement include the following:
- Go for multiple layers of defense in their security programs
- Develop and track employee education on the risks of social engineering
- Fix known vulnerabilities by keeping software and firmware updated
- Have reliable backups of critical data
- Prepare tabletop exercises and run them regularly through integrated security management solutions, to identify potential gaps and expedite response and recovery
And since physical infrastructure is often a vulnerability, organizations need to up their integrated operational security management game, too.
What does that entail? Well, the best-practice measures to mitigate information security risk by controlling physical assets can be found in international standard ISO 27001. For more, download our dedicated guide to the physical controls laid out in the best-practice standard.