The Ransomware Problem Is Worsening and Organizations Need to Pay More Attention
Not even a pandemic can slow down the cybercriminals of the world. COVID-19 appears to have even encouraged an increase in ransomware attacks. According to one mid-year security report, a dramatic increase in global ransomware attacks has been observed during the first half of 2021. A 93 percent increase in the number of attacks has been recorded for 2021 H1 compared to the same period in 2020.
Experts say this uptrend is set to expand further in the next few years. The surge in attacks is reportedly driven by the rise of the so-called "triple extortion" technique, a three-pronged approach in which attackers ask for a ransom to decrypt the encrypted data, ask for a ransom to keep the stolen data from going public, and threaten customers, business partners, and vendors with the publication of the stolen data.
The report highlights the spate of high-profile attacks, particularly the serious SolarWinds incident that affected various institutions, the Codecov attack in April, and the Kaseya VSA ransomware attack in July. These notorious incidents are said to have broken records, and cybersecurity experts are expecting more to come.
Ransomware is a global problem
Just recently, the United States led a summit to tackle the problem of cyber attacks and foster international cooperation. In this event, representatives from some 30 participating countries shared their experiences in dealing with disruptive attacks that have plagued the world in addition to the pandemic.
Yigal Unna, Director of the National Cyber Directorate of Israel, shared that they recently suffered from a major incident. "I can disclose now that Israel is experiencing, as we speak, a major ransomware attack against one of its big hospitals," Unna conveyed.
Germany reported a similar problem, saying that the government of its eastern district of Anhalt-Bitterfeld had its first-ever encounter with a cyber disaster. This happened after they were hit by a crippling ransomware attack.
The problem of ransomware has been notably conspicuous over the past years. In the summit, the US also admitted to having been the target of several serious ransomware attacks. Since this type of cyber attack started gaining traction with the massive WannaCry outbreak of 2017, it has only grown bigger and worse. The pandemic made it even more viable for cybercriminals to land successful attacks, since many organizations have shifted online with little or no adequate knowledge and experience in cybersecurity.
Other countries have also indicated their worries over the worsening ransomware problem. These include Japan, India, the United Kingdom, France, Germany, South Korea, Israel, Mexico, and Kenya. The Czech Republic and Ireland have also reported that their hospitals have been assailed, while South Africa suffered serious disruptions in its maritime infrastructure.
Some of the biggest ransomware threats reported over the past couple of years include the RDP-specialized Ryuk, the data-theft-and-encryption-driven Maze, and the different ransomware from the REvil group, which is said to be responsible for the Kaseya and JBS attacks. LockBit and DearCry have also been making their presence noticeably felt.
The ideal solutions
Ransomware is said to have been in existence since 1989. Why does it seem to remain unpreventable? The answer to this question is similar to why most other cyberattacks continue to threaten the modern world of digital devices and the internet: evolution. As new cybersecurity solutions are developed to address specific forms of attacks, the attacks morph into something more sophisticated, persistent, and aggressive.
Addressing the ransomware problem entails perpetual evolution or improvements in cyber defenses. Simply having basic protection does not suffice. The best solution to deal with the problem consists of several tools and measures, which can be summarized as follows:
- Exercising cybersecurity best practices - Organizations need to invest in cyber awareness training and education to significantly reduce the likelihood of employees or insiders becoming unwitting accomplices to cybercriminals. Secondly, it is important to update or patch all software regularly to make sure that there are no opportunities for bad actors to exploit software vulnerabilities. It is also advisable to have a reasonably strict user authentication system. Additionally, it is crucial to always have secure data backups.
- Minimizing the attack surface - Best practices never guarantee absolute protection, so it is also important to implement other solutions like the reduction of the attack surface. This is done by making sure that a network or system has a sophisticated system to raise alerts about and promptly address phishing messages, unpatched vulnerabilities, remote access security weaknesses, and malicious software that targets mobile and IoT devices.
- Deploying effective anti-ransomware solutions - Religiously abiding by cybersecurity best practices and reducing the attack surface will also be insufficient without a good anti-ransomware tool or system. It is important to have an anti-ransomware solution that is capable of detecting an extensive range of threats, can detect threats quickly, and will implement fast automatic restoration. The solutions employed should also be continuously tested to ensure that they are working as they should.
Still, the best practices, minimization of the attack surface, and deployment of effective anti-ransomware solutions may not be enough. The global ransomware problem, especially the state-sanctioned attacks, will undoubtedly be a formidable challenge. Countries would have to work together to be able to make a significant dent in the problem.
In the summit, White House National Security Advisor Jake Sullivan asserted that "No one country, no one group can solve this problem." He called on the governments of other countries to "recognize the urgency of the ransomware threat," emphasizing the need to collaborate.
It would be extremely difficult for just one or a few organizations or cybersecurity departments to keep up with all the new cyber attacks with innumerable origins. Even established organizations with vast resources and networks are having a hard time keeping up with all the attacks.
The recent ransomware attacks on media groups show how important it is to work together to address the problem. If ransomware perpetrators can successfully disrupt media groups with state-of-the-art cybersecurity defenses and well-oiled security departments, it is hard to be optimistic that the problem will soon be kept under control.
Exhausting all possible solutions
Those who continue to downplay the seriousness of the ransomware problem are bound to eventually bear the brunt of more sophisticated and treacherous cyber attacks. It makes perfect sense to be more vigilant now than to desperately scramble for mitigation and restoration when the attacks have already managed to penetrate defenses.
The US-led summit on addressing cyber attacks is a good start towards a better response to the global ransomware problem. Having the mindset of expecting the worst is not necessarily counterproductive or unnecessarily paranoiac. The threat is real, and refusing to give it a resolute response by exhausting all possible solutions does not bode well for everyone who uses computers and the internet.