Last year, businesses experienced a slew of ransomware scams, where attackers tried to benefit from the uptick in remote working. Sadly, 2020 was just a teaser for what is to come. Here, Natalie Page, Threat Intelligence Analyst at Talion, says it’s time for the cybersecurity industry to find the most effective antidote for the ransomware pandemic.
We are not even two months into the start of the new year, and we have already witnessed major ransomware attacks on Serco, U.K. Research and Innovation, CD Projekt Red and Hackney Council. This means the predictions are possibly a good indicator of what is yet to come. However, they could even downplay just how bad things might get, particularly in light of the COVID pandemic forcing almost a quarter of U.K. employeesOpens a new window to work remotely, which research suggests increases the risks of organizations falling victim to ransomware attacks. This is because of weaker security defenses on home networks and users being more likely to click on phishing emails, especially those related to COVID news.Â
The COVID pandemic has essentially provided the perfect breeding ground for ransomware attackers: companies were forced to digitally transform overnight and adopt remote working at scale without the required security training or tools. While employees working from home have dissolved the network perimeter even further and enabled an environment for ransomware operators to excel.Â
This has meant that while organizations are under significant pressure from the pandemic, they are also experiencing a tsunami of ransomware attacks, looking to take advantage of their vulnerable position for financial gain.Â
Learn More: Deep MFA: A Smarter Way to Protect Backups from Ransomware Attacks
The State of Ransomware in 2020
When looking back at 2020, it is fair to say it was a challenging year for businesses across the board. Not only had many been forced to adopt remote working at scale without the necessary security requirements, cybercriminals also increased their volume of attacks in a bid to benefit out of businesses cutting security corners to allow their employees to work from home. The huge uptake in remote working also opened a gateway for ransomware to thrive and there were several major attacks throughout the year, which shocked the security community.Â
Attackers found new ways to scale their intimidation techniques, with companies being threatened over the phone if they refused to pay the ransom. The notorious Maze operators established the first-ever large-scale ransomware cartel, while operators of Ryuk reportedly reached a staggering $150 million worth of Bitcoin repayments from their attacks. There was also an uptick in Ransomware-as-Service attacks where cybercriminals held computers infected with the Emotet malware hostage until a fee was paid. Attacks on the healthcare sector also increased and 2020 also witnessed what the security industry had been predicting for years – the first death and homicide case was opened after a ransomware attack on a German hospital shut down lifesaving equipment.Â
In summary, 2020 was the year of the ransomware pandemic. There was a huge influx in attacks, which showed the security industry that ransomware criminals showed no mercy and were hitting organizations when and where it hurt the most. The bad news is that most security experts believe 2020 was just a trailer for what is yet to come. So, what is the most effective vaccine to mitigate this ransomware pandemic?
Learn More: Want to Stay on Top of Cyber Threats? Try Thinking Like an Attacker
Ransomware Defense
Unfortunately, no company is immune to ransomware, and there is no specific vaccine against the threat.Â
This means the most effective remedy all comes down to training staff about the threat and raising awareness around security best practices, for instance, not clicking on links or opening attachments in emails from unknown senders.Â
There are security tools that can protect against known ransomware variants, but with the threat evolving so quickly, employee education is always the first line of defense. It is also essential to carry out continuous backups and segment the network so that even if ransomware does get in, it can’t travel very far. IT teams should divide the network in small neighborhoods and employees should only be given access to the network areas they need to perform their job. This is especially important for employees working remotely or connecting to the company network via non-corporate devices.Â
Cyber insurance is also an important part of an organization’s defenses against ransomware, but with so much discussion now on whether payments are fuelling the industry, it should never be seen as a panacea to the threat. It is also worth remembering that even if a company pays a ransom demand, there is no guarantee their data will ever be returned. Employee education and the correct processes and security implementations are by far the most critical lines of defense.
Let us know if you liked this article on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!