In today’s technologically advanced world, the rise of cyber crimes has become an undeniable concern. One such alarming menace is ransomware, which poses a grave threat to society’s digital landscape. The famous quote “With great power comes great responsibility” is quite appropriate in the cybersecurity realm, as threats are advancing in parallel with technology.
In recent years, ransomware has emerged as one of the most significant cyber scams targeting businesses. This malicious software allows hackers to restrict access to vital information, demanding payment to lift the restrictions. The most prevalent form of restriction involves encrypting crucial data on computers or networks, effectively holding user data or systems hostage.
During the BW Security World Conclave and Excellence Awards held in September this year, Akhilesh Tuteja, the Global Leader-Cyber Security, KPMG, emphasised the alarming value of the ransomware market, estimating it to be worth over $8 trillion. To put this figure into perspective, it surpasses the GDP of Germany, which ranks as the fourth-largest economy in the world.
Another security veteran, Yashovardhan Azad, said, “As technology is multi-faceted and a force multiplier today, businesses need to adapt a holistic approach to tackle those challenges, as there is a big change in the technology space that possesses certain threats; in that context, we need to react quickly.”
This signifies the immense financial implications of successful attacks. However, the consequences extend far beyond the ransom itself. Organisations face additional challenges such as lost productivity, reduced business opportunities, customer inconvenience, and potentially permanent data loss.
Development of Ransomware as a threat
The concept of ransomware is not a recent phenomenon. As early as 1989, Dr. Joseph Popp distributed a trojan known as PC Cyborg, which concealed folders and encrypted files on the C: drive of PCs. A ransom message demanded a payment of $189 to the PC Cyborg Corporation, rendering the affected PC inoperable until the ransom was paid and the malware’s actions reversed.
Initially, ransomware attacks primarily targeted individual users and small businesses opportunistically. The ransom demands were typically modest, amounting to a few hundred pounds for an individual PC. Criminals perceived end users as easy targets and preyed on their vulnerabilities. However, their focus has recently shifted to larger organisations with greater financial resources, enabling them to demand larger ransoms.
A case that highlighted the impact of ransomware was the WannaCry attack in May 2017, which infected 7,000 computers within the first hour and over one hundred million IP addresses within the initial two days. Although the spread of this infectious malware was eventually halted, it exposed the amateurish nature of the attack. Another variant of WannaCry caused a considerable uproar in 2018, ultimately forcing Taiwan Semiconductor Manufacturing Company and several other chip-fabrication factories to shut down.
Measures to curb a Ransomware attack
While organisations often turn to data backups for post-attack remediation, this approach has limitations. Backup systems provide a smart choice for preserving data, but they fail to address the issue of double extortion. To effectively prevent ransomware attacks, organisations must implement a comprehensive strategy that encompasses the following actions:
Following Security Hygiene Best Practices
Timely patch management and regular updates of operating systems and other software are essential. Additionally, implementing a security awareness program for employees and deploying best-in-class security solutions on the network are critical.
Implementing Multi-Layer Prevention Capabilities
Enterprises should adopt prevention solutions like NGAV (Next-Generation Antivirus) across all endpoints within the network. This approach thwarts ransomware attacks that rely on known tactics, techniques, and procedures (TTPs) as well as those that use custom malware.
Deploying Endpoint and Extended Detection and Response (EDR and XDR)
These solutions are instrumental in detecting malicious activity, such as RansomOps attacks, across the entire environment. The visibility they provide helps prevent data exfiltration and the delivery of ransomware payloads.
Ensuring Key Players Can Be Reached
It is crucial to have responders available at any time, including weekends and holidays, to address security incidents promptly. Assigning clear on-call duties for off-hours incidents is essential for effective mitigation.
Conducting Periodic Table-Top Exercises
Regular cross-functional drills involving key decision-makers from various departments, including Legal, Human Resources, and IT Support, ensure a smooth incident response process. Involving the executive team is vital as well.
Ensuring Clear Isolation Practices
Teams should have expertise in disconnecting hosts, locking down compromised accounts, and blocking malicious domains to prevent further infiltration or the spread of ransomware. Conducting scheduled or unscheduled drills once every quarter helps verify personnel proficiency and procedure effectiveness.
Evaluating Managed Security Service Provider Options
When organisations face staffing or skills shortages in their security teams, pre-agreed response procedures with Managed Security Service Providers (MSSPs) enable them to take immediate action based on an agreed-upon plan.
Locking Down Critical Accounts for Weekend and Holiday Periods
Attackers often propagate ransomware across networks by escalating privileges to the domain admin level. To counteract this, teams should create highly secured, emergency-only accounts in Active Directory and use them only when other operational accounts are temporarily disabled or inaccessible during ransomware attacks. Similarly, VPN access during weekends and holidays should be limited based on business needs.
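One way to check that such a lockdown is actually holding, shown as an added example that is not part of the original article: a Python review of logon events against the weekend and holiday policy. The account names, dates, holiday list, incident window and event format are all constructed assumptions.

```python
from datetime import date, datetime

# Everything below is constructed for illustration: accounts, dates, event format.
PRIVILEGED = {"adm-jsmith", "adm-backup"}   # operational admin accounts, disabled in lockdown
BREAK_GLASS = {"bg-emergency-01"}           # emergency-only account
VPN_ALLOWED = {"oncall-ops"}                # business-approved off-hours VPN users
HOLIDAYS = {date(2023, 12, 25)}
# Periods in which an incident was formally declared and break-glass use is expected.
INCIDENTS = [(datetime(2023, 12, 25, 9, 0), datetime(2023, 12, 25, 18, 0))]

SAMPLE_EVENTS = [  # (ISO timestamp, account, logon source)
    ("2023-12-22T10:15:00", "adm-jsmith", "console"),       # Friday: normal admin work
    ("2023-12-23T02:40:00", "ADM-Backup", "rdp"),           # Saturday: should be disabled
    ("2023-12-23T09:00:00", "oncall-ops", "vpn"),           # approved on-call VPN user
    ("2023-12-24T03:05:00", "bg-emergency-01", "console"),  # Sunday, no incident declared
    ("2023-12-25T10:00:00", "bg-emergency-01", "console"),  # holiday, incident declared
    ("2023-12-25T11:30:00", "jdoe", "vpn"),                 # holiday VPN, not approved
]

def in_lockdown(ts):
    """True on Saturdays, Sundays and listed holidays."""
    return ts.weekday() >= 5 or ts.date() in HOLIDAYS

def incident_open(ts):
    """True when the timestamp falls inside a declared incident window."""
    return any(start <= ts <= end for start, end in INCIDENTS)

def review_logons(events):
    """Return (timestamp, account, reason) for each logon that breaks the policy."""
    findings = []
    for stamp, account, source in events:
        ts, acct = datetime.fromisoformat(stamp), account.lower()
        if acct in BREAK_GLASS:
            if not incident_open(ts):
                findings.append((stamp, acct, "break-glass use outside a declared incident"))
        elif acct in PRIVILEGED and in_lockdown(ts):
            findings.append((stamp, acct, "privileged logon during lockdown"))
        elif source == "vpn" and in_lockdown(ts) and acct not in VPN_ALLOWED:
            findings.append((stamp, acct, "unapproved VPN session during lockdown"))
    return findings

if __name__ == "__main__":
    for finding in review_logons(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

Any finding means either the lockdown was not applied or an account is being used in a way the policy does not expect, and both deserve an immediate call to the on-call responder.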
By implementing these preventive measures, organisations can enhance their resilience against ransomware attacks and reduce the potential damage caused by these malicious campaigns. Prioritising cybersecurity and staying vigilant are essential in combating the ever-evolving threat landscape.
Enhancing public awareness and education about ransomware’s risks plays a vital role in reducing vulnerabilities. By fostering a cybersecurity-conscious society, individuals can better identify suspicious activities, differentiate genuine emails from phishing attempts, and take appropriate action, thereby thwarting potential ransomware attacks.
Ransomware continues to pose a significant and growing threat to our society’s digital fabric. To combat this peril, a comprehensive approach is needed. By understanding the dynamics of ransomware, bolstering defences, encouraging collaboration, and promoting cybersecurity awareness, we can effectively curb its impact. Society must unite in this endeavour, protecting the digital realm from the clutches of ransomware and securing a safer future.

