2021 witnessed a dramatic surge in ransomware attacks, with ransom amounts continuing to escalate. Cybercriminals are also sharpening their targeting, shifting their focus to critical infrastructure and evolving their attack campaigns, which can cause long-lasting devastation.
With ransomware expected to strike a business every 11 seconds by this year-end, these attacks are morphing from spray-and-pray phishing blasts into highly targeted, crippling, network-spanning invasions that can substantially jeopardize a company's operations for weeks and even months. Indeed, a Barracuda report finds that 79% of Indian organisations said they had been the victim of at least one ransomware attack in the last year.
Unlike the direct WannaCry-style “compromise and encrypt” attacks that occurred a few years ago, attackers are now opting for a sophisticated multi-vector approach. Even though an attack may still be delivered through a spear-phishing email, it is not triggered immediately when the target clicks the malicious link. Today, cybercriminals use this step only to steal a victim's credentials, which they eventually use to access the organization’s network and loiter there to evaluate assets, servers, databases, and the email platform. This surveillance can last for weeks or even months before they unleash their attack.
Therefore, CIOs, CISOs (Chief Information Security Officers), and IT security teams must amplify their awareness and response mechanisms to avert such threats. Cyber defence frameworks must take into account the roles and responsibilities of every member of staff and shed light on the various intricacies of ransomware attacks: what they are, how they infect entire organizations, and how to neutralize them.
As ransomware attacks continue to rise around the world and disrupt businesses and critical services, the U.S. government is now treating them as acts of terrorism. The U.S. Justice Department recently seized assets worth US$6.1 million attributed to notorious Ukrainian ransomware extortionist Yaroslav Vasinskyi, who conducted the attack against Kaseya, a multinational information technology software company. Back home, in January 2021, the Cybercrime unit of the Delhi police also busted a transnational malware and fraud syndicate, which led to the arrest of 12 rogue defaulters who acted as masterminds of the outfit and duped over 39,781 victims.
Amidst mounting pressure from law enforcement agencies and cybersecurity agents worldwide, cybercriminal gangs are digging deeper and going underground. They have refined their tactics to extort higher ransoms. The initial ransom ask may not be the final demand. So, if ransomware victims plan to pay, they need to exercise negotiation options. The outcome can be savings in the millions. Unfortunately, even after the payments are made, criminals can sell the data. Attackers often start with small organizations that are connected to the larger targets and then work their way up.
So, the initial steps towards safeguarding an organisation from any possible ransomware attack involve assuming vulnerability and setting a goal of not paying the ransom. Once that has been taken care of, it is necessary to implement anti-phishing capabilities in email and other collaboration tools, and to consistently train users in email security awareness to prevent credential loss. Companies should also secure their SaaS applications and infrastructure access points. Besides using multi-factor authentication, it’s best to implement Zero Trust Access based on endpoint security posture. Finally, it is crucial to back up business data and adopt a secure data protection solution to identify the critical data assets and implement disaster recovery capabilities. Organisations can also encrypt and keep copies of all their data, including data from cloud-based applications, in multiple locations, with restricted access and multi-factor authentication. These steps can knock back attackers, enabling organisations to put their foot down against the ransomware criminals confidently.
Views expressed above are the author’s own.