Has ransomware gone mainstream? asks Jonathan Wood, pictured, CEO, C2 Cyber.
With more than 1,000 victims reported in 63 countries across 18 industries in the first half of 2021, and an attack predicted to take place every 11 seconds, according to Cloudwards, ransomware is becoming one of the fastest-growing threats in recent times. In fact, the number of ransomware attacks has been so frequent that SonicWall’s 2022 Cyber Threat Report revealed governments worldwide saw a 1,885 per cent increase in 2021.
Growing from small-time intrusions to large-scale attacks, ransomware has evolved in both severity and profitability with ransoms increasing from hundreds of dollars to millions. This has elevated cyber security to the top of the boardroom agenda as well as the highest levels of government. So, as threats continue to escalate at an alarming rate, has ransomware finally gone mainstream? What will the repercussions be for 2022?
Rise of Ransomware as a Service (RaaS)
With the development of RaaS, ransomware attacks have become a highly profitable business for hackers. Developers sell or lease compact, easily deployable, and scalable malware toolkits to individuals and groups on the dark web, making RaaS accessible to a wider and less technical audience. RaaS is offered in bundles and discounts, with 24-hour support and user reviews, similar to buying a legitimate Software as a Service (SaaS) product. Indeed, buying and using a RaaS kit or service package has become so easy that almost 44% of the RaaS kits bought across the dark web are eventually used for attacks.
Phishing is still the most common attack vector
While the scale of ransomware has evolved in recent years, phishing is still the most common attack vector; 42 per cent of ransomware attacks start with a simple and often non-targeted phishing email with the purpose of duping the victim into either downloading malware through email attachments or clicking on a malicious website link. Hackers can then establish an entry point into your network and from there initiate a ransomware attack. However, phishing attacks have now extended beyond emails to social media, malicious mobile apps, SMS and even corporate collaboration platforms.
Implication of a ransomware attack
There’s no doubt the impact of a ransomware attack is significant and can knock your business out for days or even weeks, disrupting your operations and bringing it to a standstill. Not to mention making you shell out millions to pay the ransom, if you choose to pay. But while hackers ask you to make a payment within a set amount of time or risk losing your data, paying up doesn’t always ensure your access will be restored. 92pc of companies who paid a ransom last year didn’t get their data back, with the average company only getting back 65pc, according to Sophos’ ‘The State of Ransomware 2021’ report.
But while you might think your organisation is safe after spending millions on tightening up the security measures across your network, ransomware attacks via the supply chain pose a huge threat to organisations. With a four-fold increase in supply chain attacks in 2021, organisations cannot afford to take security risks, especially when the impact is the downtime of systems, monetary loss and reputational damage. All it takes is a supplier to click on a phishing email and they could end up being a gateway for hackers to access and encrypt your sensitive data.
Take the supermarket chain, SPAR, which in Dec last year had to close more than 300 stores following a ransomware attack that shut down card payment machines and impacted back end IT systems. The attack, which originated from within the systems of the wholesaler and food distributor James Hall & Co, who supplies about 600 SPARS across the region, meant stores had to either close to shoppers or resort to cash payments only.
Repercussions for 2022
It’s clear that ransomware has become mainstream. As it continues to evolve, with the proliferation of RaaS opening up the technical and financial barrier to entry and driving an increase in ransomware attacks, organisations are justifiably concerned.
This year, we’ll see additional steps in the attack process, such as hackers leaving residual malware in a system enabling them to re-enter the network and launch repeat attacks at a later date. Also, hackers may incorporate data theft when encrypting files to help incentivise victims to pay the ransom. So, if the victim refuses to pay up, the hacker might threaten to reveal stolen data putting the victim at risk of breaking regulations or having their sensitive data exposed.
While the repercussions for 2022 appear alarming, planning ahead and protecting your organisation from ransomware attacks should be your number one priority. From regularly backing up your data and deploying anti-malware with up-to-date signatures to protect your systems, to education and awareness among your employees to managing risk across your supply chain. Only then will you have any chance of ensuring you never come face to face with the grim realities of a ransomware attack.