You might have noticed that ransomware attacks have seen a surge in popularity recently that most say will likely continue for some time. It’s not that ransomware attacks are new; the first documented ransomware attack was the AIDS trojan back in 1989. It’s just that they’ve become much easier for thieves to monetize with a tempting combination of “double extortion”, cryptocurrency, and ransomware code sharing by a global community of hackers that makes attacks much easier for even the laziest of cybercriminals.
Ransomware Captures the Bronze
These are the primary reasons ransomware has climbed to the number three spot in total breaches worldwide, according to the 2021 Verizon Data Breach Investigations Report. Along with that distinction, ransomware attacks doubled from the prior year and now represent 10% of total breaches worldwide, despite the increased attention and funding businesses continue to devote to their layered security defenses.
What is Ransomware?
If you’re new to the world of cyberattacks, ransomware is malware installed in a victim’s environment that encrypts whatever data an attacker can access and holds it for ransom until the victim pays in exchange for the decryption key. More recently, however, attackers have discovered they can also blackmail their victims by threatening to share the sensitive data they acquired, publicly shaming them into paying the ransom. This “double extortion” has now become the principal threat to companies that thought they had outsmarted these crooks by regularly backing up copies of their data.
As many victims will attest, a well-executed attack can cripple an organization for days and even disrupt the operations of its customers, as with the Kaseya attack. Ransomware attacks are now seen by many as an existential threat to the business community.
To counter this, organizations need to not only make copies of their sensitive data, just in case, but also invest in tools to identify and prevent suspicious traffic from ever getting into the network in the first place. This is where intrusion detection, firewalls, and other security gateways can help.
Cryptocurrency & Ransomware as a Service
The popularity of cryptocurrency has also added to the attractiveness of ransomware attacks since demanding payment in bitcoin takes advantage of the anonymous and untraceable nature of cryptocurrency. In fact, ransomware payments through cryptocurrency totaled almost $350 million in 2020, which showed a 4x increase from the prior year.
What we find most interesting, however, is the industrialization of the ransomware “business”. What was once a fiercely independent universe of hackers has evolved into a global tribe of collaborative businesses. The combination of bitcoin and the dark web has come together to enable entrepreneurial thieves to monetize their experience by packaging and selling the data and tools from prior attacks to the highest bidder. And business is booming!
The bottom line is that ransomware is not going anywhere. Criminals know there are plenty of businesses out there, new and old, that can’t possibly keep up with all the requirements needed to protect their networks in the era of hybrid-clouds, remote workers, and the virtual enterprise.
Where to start the defense
The best defense against a debilitating attack is to deploy a defense-in-depth strategy that includes regular data backups and effective elimination of malicious traffic coming in and out of the network. To address the latter, a good place to start is to shield your business from every known threat identified by the global threat intelligence community.
CleanINTERNET can help by proactively shielding your network from 99% of globally-mapped threats identified by the threat intelligence community in near real time.