2021 & the Rise of Ransomware as a Service (RaaS)
In 2021, the number of ransomware assaults is expected to reach 100,000, with each one costing businesses an average of $170,000. In the case of Colonial, hackers only needed one password to breach the entire IT infrastructure of the company. Colonial and JBS paid a total of $15 million in ransom as a result of this. Hackers were able to obtain access to the company’s systems six months before the flaw was discovered in the SolarWinds (SWI) attack.
The shelling of ransomware attacks is forcing organizations into a constant state of defense rather than an offensive stance. The tidal flow of ransomware attacks continues to suffocate company after company; there is much conjecture about how to keep particular organizations safe, but no real agreement on how to battle ransomware as a collective.
The rise of hard-to-trace cryptocurrencies, a work-from-home boom that has resulted in new IT vulnerabilities, and a political climate around the world have all contributed to an increase in ransomware attacks. (US-Russia, China-US, India-China, India-Pakistan etc.)
Ransomware Explained — What is it?
Ransomware is a type of cryptovirology malware that threatens to publish or permanently limit access to the victim’s personal data unless a ransom is paid. While some ransomware simply locks the computer, more complex software employs a method known as cryptoviral extortion. Without the decryption key, it encrypts the victim’s data, rendering them unavailable and intractable.
When a Trojan Horse is disguised as a legitimate file and sent as an email attachment, the victim is misled into downloading or opening it, resulting in a ransomware assault. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
Why is ransomware spreading?
Ransomware attacks and their variants are rapidly evolving due to numerous reasons that include:
· Malware kits are readily available and can be used to build new malware samples on demand.
· Implementation of novel techniques, such as encrypting the entire drive rather than individual files.
· Excessive reliance on out-of-date systems that aren’t taken offline for software updates.
Thieves of today wouldn’t even need to be tech savvy. Ransomware markets have sprung up online, giving malware strains to any would-be cybercriminal and earning additional revenue for malware creators, who frequently demand a part of the ransom money. This has evolved into a criminal economic model that allows malware creators to profit from their products called as RaaS (Ransomware-as-a-service)
Today, it has become much harder to find ransomware perpetrators. Why?
The use of anonymous cryptocurrencies for payment, such as bitcoin, makes it harder to track down criminals and follow the money trail. Open-source code and drag-and-drop platforms for developing ransomware have sped up the generation of new ransomware variations and made it easier for beginner scripters to generate their own ransomware. Furthermore, cutting-edge ransomware is designed to be polymorphic, allowing thieves to quickly overcome standard signature-based security based on file hash.
The Recent Spurt of Ransomware
Since many businesses cannot afford to have their network down for an extended amount of time, ransomware assaults are successful. As a result, many businesses adopt what they believe to be the quickest and easiest option to restore their network by paying the ransom demands of criminals.
These cybercriminals are focusing their efforts on businesses that store a large amount of personal and confidential data. They’re also looking for industries where they can cause the most disruption and turmoil (since downtime is significantly more expensive than the ransom), such as the ones listed below.
· In June, a cyberattack on JBS S.A., a multinational meat producer, shut down a quarter of American beef production for two days as the company shut down its computer systems to contain the incident
· Colonial Pipeline was forced to shut off gasoline delivery to much of the Eastern Seaboard in May due to a cyberattack, resulting in shortages across the South. In the same month, a hacker took down the databases of a San Diego medical system for two weeks
· Hackers claimed to have stolen 500 gigabytes of data, including contracts and non-disclosure agreements, from the Houston Rockets in April
· In March, CNA Financial Corp, one of the country’s top insurance companies, was locked out of its network for about two weeks due to a security compromise
· In February, hackers gained access to an Oldsmar, Florida, water-treatment plant, temporarily boosting lye levels in drinking water to unsafe levels.
Despite the facts that practically every industry has had to cope with ransomware gangs in the past years, the federal sector outperformed all others. Healthcare, industrial goods, and services come in second and third, respectively. Here are some of the most common ransomware variants in 2020–2021.
Advanced persistent threat (APT) groups, which are often under government control and focus on longer-term cyber-attacks in which threat actors acquire access to a network and remain undiscovered for an extended length of time, can be involved in nation-state threat activities.
The fundamental purpose of a cyber-attack by a nation-state is to collect information. Intelligence gathering, sabotage, and disruptive/destructive strikes are among their goals. Assume that in the future, if a foreign opponent wanted to disrupt the water supply or do something to grind another country’s economy to a halt, they would effectively set those hooks today so that they could use that action and capabilities later.
However, different departments and operations within a nation-state may have distinct objectives, and state-sponsored activity may be carried out for military, political, or economic reasons.
Attacks on the United States are often (but not always) carried out by nation-state threat actors from the “big four”: China, Russia, North Korea, and Iran. The institutions, circumstances, and motivations of each government are unique.
Defending yourself against Ransomware
SMBs used to be able to largely ignore the threats posed by information security since they were small enough to fly under the radar of APTs while still being large enough to be unaffected by random and generic attacks. Those days are gone, and all businesses must now be prepared to defend themselves against criminal gangs.
Here are some steps that can help you defend your systems:
· Keep all of your devices’ software up to date to prevent attackers from exploiting vulnerabilities and infiltrating your network.
· Concentrate your defense strategy on identifying lateral movement and internet data exfiltration. To discover cybercriminal connections, pay close attention to outgoing traffic.
· Create offline backups that intruders won’t be able to access. Make sure you can get to them immediately in case of an emergency.
· Educate your personnel on how to preserve the corporate environment. Dedicated training classes may be beneficial. Here’s a link to a free tutorial on how to avoid ransomware attacks.
· Conduct a cybersecurity audit of your networks and address any vulnerabilities found on the perimeter or within the network.
· Enable ransomware protection for all endpoints. There is the free Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malwares, prevents exploits and is compatible with other installed security solutions.
· If you don’t have any internal threat hunters, ask your MDR provider for assistance. They will be in charge of identifying, detecting, and responding to threats that are directed at your company on a continual basis.
· Never pay the ransom if you become a victim. It won’t guarantee you get your data back, but it will incentivize crooks to keep doing what they’re doing. Instead, contact your local law enforcement agency to report the occurrence. Try looking for a decryptor on the internet — https://www.nomoreransom.org/en/index.html has quite a few.
· Be proactive and get help from ethical hackers. Example — FBI could retrieve ‘’millions’’ in ransom money paid to hackers as they immediately notified the government and ethical hackers.
Defending Ransomware with Technology
Threat groups appear to be continuously looking for new and more profitable business models, even while they are riding a wave of success. Technology, such as voice identification technology, should be our last resort, as it may help organizations ensure that only persons with the proper credentials have access to their systems.
The power of prediction is wielded by AI. Businesses are turning to artificial intelligence to boost their security against hackers. Machine learning algorithms are employed in AI systems to learn from prior data and recognize anomalies, helping businesses to avoid and address breaches efficiently. Deception technology backed by AI, for example, can assist delay an attack using AI powered deception technology.
On the other hand, many people do not use actual Artificial Intelligence at all. Most organizations rely on basic machine learning platforms or first and second-level AI, which won’t protect them against advanced adversarial technology attacks if the hack has never been seen before. The only way to do so is to employ a predictive third-wave AI system capable of detecting anomalies as they occur.
Some of the use cases are:
· E-mail monitoring: Cyber dangers frequently target e-mail. Artificial intelligence (AI) monitoring software aids in the detection of cyber threats by increasing the accuracy and speed of detection.
· Network threat analysis and malware detection: To avoid fraud access, organizations employ AI to recognize malicious malware and the differences between actual and fake users.
· AI in the face of AI-based threats: Hackers are also employing AI. Organizations require AI to protect themselves from AI-based dangers.
· Using AI to automate repetitive security work: Companies use AI to automate repetitive security duties so that security analysts may focus on more essential responsibilities.
My Final Thoughts
In 2021 and beyond, ransomware groups will continue to make headlines. The ransomware ecosystem has matured to the point that it can now be considered a systemic danger to businesses all around the world. The world of ransomware must be viewed as an ecosystem and managed as such.
Another grim fact is that the ransomware plague affects every business. These crippling attacks are occurring in all countries and across all industries, and it is critical that all businesses and private-sector organizations employ security measures to limit the effects of a ransomware attack.
Because unpatched security flaws can allow ransomware and other malware to access and spread throughout a network, it’s vital to apply critical security updates as soon as they’re available to guard against known vulnerabilities. While it may be inconvenient to temporarily disrupt parts of the network to ensure that the fixes are installed, it will be far less painful than becoming the victim of a cyberattack.
Furthermore, anything that can’t receive security upgrades for whatever reason should be separated from the rest of the network — if it needs to be openly facing the internet at all — to help prevent cyber criminals from utilizing more vulnerable systems as a gateway to the remainder of the network.
I don’t think we should be panicking right now, and I don’t believe the sky is falling, but I do believe we’re in a situation where things will get much worse if nothing is done soon. You’d better get started immediately if you want to get ahead of the game.
Nonetheless, due to technology, the problem will never be totally erased. I’m also confident that ransomware assaults on the healthcare and pharmaceutical industries will increase in 2021 as firms complete their vaccinations to combat the pandemic.
See original article @ unfoldlabs.com