Greater exposure is both good news and bad news when it comes to new ransomware threats. While ransomware attacks themselves are never good news, it is a positive sign that these attacks are receiving more media attention, such as the attack on an entire hospital chain, an attack on a Las Vegas school district and even an attack on a coffee machine.
With ransomware more top-of-mind, companies are taking more proactive steps to protect themselves. On the other hand, bad actors have taken notice. They’re ramping up their attacks and growing their operations at a massive scale. As bad actors turn the needle past 10, staying up to date will be critical. How can the enterprise flip the script? Are there prevention strategies that are more practical and up to date?
Not Your Father’s Ransomware Trends
One group, Maze, takes its attacks a step further by shaming the victims and naming the company on a website. If the victim refuses to pay, a sample of the victim’s stolen data is added to the site as evidence.
We must remember groups like Maze are criminals and structured like criminal groups. As more victims refuse to pay, they’re going to do what they do — keep the cash flow going. Therefore, they’re stealing more data and selling it to other criminal groups, or even to victims’ rivals.
These new ransomware threats are an unwelcome plot twist in the script companies must follow for cyber threat prevention, like refusing to pay or loading up on insurance.
What to Do About Refined Cyber Threats?
“In the last six months, we’ve seen more actors adopt the exfiltrate-and-encrypt strategy, demands have continued to steadily increase and actors are pushing further into the enterprise space with more multi-nationals being successfully targeted,” says Brett Callow, threat analyst and ransomware specialist at Emsisoft.
The demands are growing well in line with the level of refinement, Callow explains. The highest publicly known demand is $42 million, while the highest demand not publicly known is said to exceed $1 billion. Emsisoft anti-malware’s conservative estimate of the ransomware costs to the global economy is approximately $170 billion, with $25 billion of those losses attributed to the payment of demands.
“In other words, ransomware has morphed from a relatively small problem to a multi-billion dollar industry within a fairly short period,” Callow says.
These numbers are not possible if bad actors aren’t running their own businesses well. According to Callow, many groups like Maze operate on an affiliate model. Because of this, those who created the new ransomware threats aren’t always the ones carrying out attacks and handling ransoms.
Maze has also formed a cartel with other groups, he adds, engaging in “content syndication” to publish data on more than one leak site and possibly share opportunities.
The level of refinement varies significantly from group to group, but some operate in much the same way as above-board businesses, providing ‘clients’ with prompt service and, in some cases, even guaranteed response times.
It may sound honest, but these groups are criminal gangs. What’s even more concerning, some attacker groups are known to have connections to nation-state actors.
“Evil Corp, which operates WastedLocker ransomware, is claimed to have connections to the Russian government,” Callow adds, referring to a US Department of Treasury release that highlights the Russian government’s use of threat actors.
Know the Risks of New Ransomware Threats
For the enterprise hoping to evade new ransomware threats, these changes can be frightening. But knowing the risks is paramount. For example, every entity must understand that the stakes go well beyond financial, more so because many ransomware attacks are also data breaches.
In addition to the costs directly coming from the encryption event, Callow lists several other hurdles victims may also have to deal with. For example, these include regulatory penalties, class action lawsuits, loss of intellectual property, reputational damage resulting from the exposure of the clients’ data and a myriad of other problems.
Despite this difficult atmosphere, the enterprise can take action to help mitigate risks and minimize damage from new ransomware threats.
How to Protect Against Ransomware
IBM X-Force recommends five specific strategies to protect yourself from new ransomware threats:
- First, establish and maintain offline backups.
- Next, create a strategy to prevent data theft.
- Apply user behavior analytics to identify potential incidents.
- Use multifactor authentication on all remote access points.
- Finally, implement penetration testing to identify weak points and risk on your networks.
For the latter, X-Force recommends implementing mitigations for CVE-2019-19781, which numerous threat actors have leveraged as an entry point into enterprises last year — including for ransomware attacks.
In addition to these strategies, Callow recommends patching promptly, disabling PowerShell and Remote Desktop Protocol when not needed, limiting admin rights, practicing good password hygiene and conducting regular security awareness training.
“Organizations should assume their perimeters will be breached, and should put in place the tools and processes to monitor their environments for indications of compromise,” he advises.
Is Cyber Insurance Worth It?
Another strategy many groups are leaning on recently is cybersecurity insurance. While it can be a helpful tool in the fight against new ransomware threats, Callow suggests it’s a double-edged sword.
“On the one hand, it provides companies with a degree of insulation against the financial consequences of an attack,” he says. “On the other hand, some reports suggest that it may be exacerbating the problem as insured entities may be more likely to pay ransoms — which helps fuel the cycle of cybercrime.”
The serious concern for experts like Callow is that as demands increase, companies are forced to take on more insurance. This, in turn, puts them in a better position to pay large sums, which leads to a vicious circle of constantly escalating demands.
The Future of New Ransomware Threats
While poorly-worded and easy-to-spot email attacks are still prominent, bad actors are expanding their reach and improving their attack methods. The threat posed by today’s and tomorrow’s ransomware cannot be emphasized enough.
“The groups are using APT-level tools and techniques to successfully attack and extract data from — hospitals, government agencies, companies in the defense industrial base sector, financial institutions and public and private entities across every sector,” Callow says.
These incidents represent a risk to national security, election security, economic interests and, of course, individual privacy.
“Unfortunately, the situation is only likely to worsen as the actors becoming increasingly motivated, emboldened and better resourced,” Callow notes. “The only solution we see to the problem — and it’s something we recently called for — is a prohibition on the payment of ransom demands. Ransomware exists for one reason and one reason only: it’s profitable. The only way to stop attacks is to make them unprofitable, and that means companies must stop paying ransoms.”
Despite the chaotic outlook, the presence of new ransomware threats doesn’t need to be as devastating as it seems. An approach as simple as having a foolproof backup system can reshape a horrific incident into a mere nuisance. And, as you add any of the suggested strategies mentioned above, the level of risk from new ransomware threats decreases.
Knowing that your group practices good security hygiene may just be enough to help you sleep better at night.