Cybercrime is ever evolving and becoming more lucrative for criminals, meaning that businesses are facing an increasing number of cyber-attacks. Ransomware remains one of the most prolific types of cybercrime. According to the McAfee Lab Threats Report, these attacks grew by 118% in Q1 this year. The focus for ransomware has changed from a broad-spectrum attack, catching anyone on the internet for a few dollars; to a concentrated attack with pinpoint accuracy, aimed at much deeper pockets. Large scale public institutions – such as government, education, healthcare, and community infrastructure systems – are popular targets for these types of attacks. Centralised management plus the critical nature of IT records contribute to these industries becoming prime targets. Additionally, these organisations maintain a vast array of systems, so it is difficult to maintain patch levels and update obsolete systems.
Cybercrime complexities
As cybersecurity evolves, so too does the ransomware designed to penetrate its protection. With each new advancement, a new strain of ransomware is created. The combination of rapidly-advancing ransomware plus targeted attacks means that hackers can demand substantial ransoms from large companies and government entities who look to preserve what is theirs.
There is an entire ecosystem of hackers on the dark web. At present, we are witnessing a growing trend in Ransomware-as-a-Service (RaaS), where professional cybercriminals manage the distribution of ‘ready to go’ ransomware which is easy to purchase. This additional threat makes large corporations and public entities particularly vulnerable as they contend with cyberthreats from hackers specialising in deploying ransomware, who are supported by those who are responsible for creating and distorting.
In the past, ransomware attacks that destroy data, such as GermanWiper, have typically been solely used by hacktivists. Whilst this is something to be aware of, it’s highly unlikely that this form of ransomware will become a sustainable business model for cybercriminals in the future. This is because companies won’t pay a ransom if there is no possibility of recovering their data.
A layered approach is the best approach
Nevertheless, as attacks become increasingly tailored to their target, it’s important that companies go back to basics when it comes to cybersecurity hygiene. The best way to do this is by utilising existing control frameworks such as the CIS Critical Security Controls as part of a layered approach to security. This can help companies protect themselves from inside and out.
Seamless and efficient patching is a vital pillar of a secure approach to cybersecurity, although manual patching can be time-consuming and complex. In a bid to overcome these bottlenecks, security professionals frequently use automation, which ensures companies can quickly identify and securely patch known vulnerabilities. The addition of automation helps security professionals to achieve the scale and repeatability demanded by the patching process. Additionally, auditors want to see that patches have been applied in a consistent manner. Automated patch management helps make sure that a business’ systems are patched more consistently and correctly.
While patching is a good foundation, the key to a solid cybersecurity strategy is implementing a layered approach – additional layers can include includes whitelisting, anti-virus protection and email filters. When it comes to the workforce, companies must also invest in educating their staff to ensure they are aware of the threats the business faces and the many forms they can take, as phishing emails are a key entry point into the network. These attacks are embedded in emails that appear legitimate on face-value. If a user clicks on a malicious link, the ransomware will gain access to the network and encrypt the files contained on it, allowing the hacker to demand a ransom for the safe return of the data. When operating in tandem with anti-virus software, email filters and patching, education and awareness can strengthen a company’s defence against ransomware.
Preventative measures are only half the battle. Businesses should also have a disaster recovery plan in place. As an added layer of protection, companies should regularly back-up their data off-site as this will allow them to access it even if it’s been encrypted.
Ransomware is a threat that is growing in complexity and impact. With cybercriminals operating with such complexity, companies that implement a watertight cybersecurity strategy that amalgamates patching, whitelisting, application control, awareness training and regular backups, stand themselves in good stead against potential attacks. A layered approach such as this is the winning ticket in the battle against ransomware.