Ransomware has evolved from being a nuisance to a full-blown cybersecurity crisis in recent years. In a ransomware attack, a malicious actor penetrates a corporate network and encrypts vital data, making it unusable—offering to decrypt it only in exchange for payment of a ransom. This type of attack can paralyze an organization until it is resolved, even threatening a company’s ability to function over the long term. In 2020, ransomware cases grew by 150%. Nearly 8 in 10 American companies are experiencing attacks and escalating ransom payments.
What is ransomware and how does it work?
Ransomware is malware. It can be delivered through a variety of mechanisms, but email is one of the most common attack vectors. Attackers send a ransomware-infected email, the recipient opens a file or clicks on a link, and inadvertently downloads the ransomware onto his or her device. The malware then enters the network and installs itself on servers, storage, databases, network appliances and so forth. Once activated, the ransomware encrypts the data on the target systems—rendering the data, or the system itself, completely unusable. Remote Desktop Protocol (RDP) sessions, often disguised as a request from an internal IT support representative to fix a fake problem with an employee’s computer, are also a popular vehicle for delivering the attack payload.
Once the data is encrypted, the attacker contacts the victim and promises to decrypt their data upon payment of a ransom. The ransom is typically payable in cryptocurrency. The amount could be as little as a few hundred dollars for a small business all the way up to millions if the target is a major corporation or government entity. The average data breach costs $4.2M, according to IBM. Much of the interaction is automated, so the target may think he or she is talking to a real person when in fact the ransom message and decryption instructions are coming from software robots.
Is ransomware a threat to my business?
Ransomware is a serious threat to businesses and organizations of every size and type. You might think bad actors are only after financial information or healthcare records, but that’s a bad assumption. They aren’t choosy, targeting every industry, including public sectors, educational organizations, and nonprofit organizations. Almost any kind of organization can be a target. Attacks have been extremely widespread and successful. Ransomware also takes advantage of a broad attack surface, which includes:
- Email systems
- Device vulnerabilities, which are of particular concern when 56% of employees use personal devices to perform work functions
- Administrative solutions, e.g., Remote Desktop Protocol (RDP)
- Social engineering/spear phishing
- Software vulnerabilities
How is ransomware spread?
Ransomware infections can keep spreading once they are inside a network. This is one of the reasons they can be so devastating: an infection has the potential to lock you out of everything. Malware moves laterally across networks. It enters the network at point A, but then moves to points B, C and D—encrypting data as it goes. For this reason, countermeasures that restrict lateral movement, such as network segmentation, help mitigate the ransomware threat.
What are the top ransomware targets?
As of now, just about any business, organization, non-profit, or government entity can be a ransomware target. Healthcare organizations, industrial sites (operational technology/OT), school districts, local governments and utilities are some of the most common targets. However, all businesses have risk exposure for ransomware.
Masergy finds that many businesses assume they are not a target because they don’t handle sensitive or personal information, such as financial statements or healthcare records. But this is a big mistake. Nothing could be further from the truth. Any type of corporate information can be held for ransom. If it’s valuable to your organization, a cybercriminal will encrypt it and ask you to pay them in order to get it back.
How do I protect against ransomware?
It is possible to mount a successful defense against ransomware. Good overall cybersecurity is the best protection, but security can be difficult to maintain consistently everywhere all at once. As mentioned earlier, countermeasures that limit lateral movement are helpful in reducing the impact of an attack. Endpoint protection, including endpoint detection and response (EDR) services, also helps. If an attacker is unable to compromise a device like a smartphone, they will be blocked from hopping over to the main network. Email filtering and anti-phishing solutions should be part of the ransomware risk mitigation portfolio as well. Robust data backups can also be effective at reducing the impact of an attack.
Why are ransomware threats on the rise?
Ransomware threats are on the rise mostly because the threat is revealing itself to be an incredibly effective mode of cybercrime. It pays well. It’s relatively easy to do. Consider that attackers even have software known as ransomware as a service, and they face virtually no criminal consequences. This is because ransomware attackers are almost all located outside of the countries they attack. They might be in Russia or China, for instance, while the victims are in the US and UK. They will never face the law in the US or UK. And, for reasons that are not well understood, the countries that host ransomware gangs are not making serious efforts to limit their criminal activities.
The attacks are also becoming more sophisticated, but less expensive for the attacker. Ransomware attackers can avail themselves of technologies like deepfake video generation and AI-powered language tools. Using such technologies, attacking software bots can mimic human beings so well that they can trick victims into communicating sensitive data like system login credentials to the attacker.
A further reason ransomware is on the rise has to do with the increasing popularity and utility of cryptocurrencies. Until fairly recently, a ransomware attacker would have to take payment in dollars, which are traceable through banks and platforms like PayPal. No more. Now, ransomware attackers can demand ransom in bitcoins and the like—totally untraceable and easy to move around the world without fear of capturing the attention of law enforcement.
What’s more, today’s business trends like work-from-home and IoT are giving attackers a larger playing field.
What is the future of ransomware?
Unfortunately, it seems that ransomware has a bright future for attackers. The growth in ransom payments and increasing frequency of attacks suggest that the attackers are poised for even greater feats of cyber criminality. No single technology appears capable of being a total solution that stems the tide of attacks.
That said, there are reasons to be hopeful that the ransomware crisis will be contained. The explosion in attacks is leading to a commensurate level of investment in defenses. More organizations are deploying countermeasures like network segmentation, Secure Access Service Edge (SASE) architecture, Zero Trust security and related techniques that make it harder for attackers to reach sensitive data and encrypt it. At the same time, increasingly sophisticated artificial intelligence (AI) tools are getting better at detecting attacks before they do too much damage.