It’s a new year, but when it comes to cybersecurity, it seems like the same old topics are still getting all the attention. Ransomware has been particularly buzzworthy of late, which isn’t surprising, considering that criminals have descended to some new lows in 2020. They’ve targeted hospitals and healthcare organizations in the midst of a raging global pandemic, victimized school districts struggling to implement remote learning, and hit state and local governments suffering historic budgetary shortfalls.
Still, a number of experts predict that 2021 has the potential to be a particularly bad year for ransomware attacks. So-called “double extortion” strategies, in which attackers both steal and encrypt the victim’s data, are said to be on the rise. In these attacks, the criminals first demand a ransom payment to decrypt the data involved. If that’s not paid, they then offer a second ultimatum: pay up or they’ll publicize sensitive information — or offer it up for sale on the Dark Web.
Ransomware: with us for decades, still flourishing today
Around since the dawn of the internet, ransomware attacks continue to take advantage of tried-and-true methods for gaining access to victims’ IT environments. Most often they spread via phishing emails, which are difficult to defend against because employees continue to fall for them. Even with the best security awareness training program in place, people can, and do, make mistakes.
Attackers have recently become more aggressive, leveraging new methods to gain initial access to an environment and disseminating different malware variants. But the primary reason that ransomware attack volumes are up is that there’s more opportunity for less-skilled would-be cybercriminals to gain access to the software and tools they need to launch attacks.
With the rise of cybercrime-as-a-service, it’s easier than ever for people with bad intentions but few technical skills to purchase readymade exploit kits on the Dark Web. These prepackaged toolkits come complete with everything someone needs — from software to cloud computing power — to pull off a full-scale ransomware attack. In the world of cybercrime, the barriers to entry just keep getting lower and lower.
The more things change, the more cybersecurity best practices stay the same
Even if ransomware attacks are increasing, best practices for mitigation and recovery are the same as they’ve always been. Typically, what we tell people is that if your network has been infected with any kind of malware — including ransomware — you should assume that your data may have been taken as well.
Unless you have an effective security monitoring program in place that can track large-scale data movements, it’s difficult to tell whether any of your data was exfiltrated in a ransomware attack, or how much. Between encrypted web traffic, secret reverse proxy servers, and sending data over channels like email or chat, there are too many ways for ill-intentioned folks to conceal what they’re sending out of your network.
And criminals are not to be trusted. We’ve heard of incidents in which victims paid the ransom, only to see their data re-encrypted and another ransom demanded a few weeks later.
The good news is that when it comes to preventing ransomware attacks, the basics still apply. Adhering to these cybersecurity best practices can go a long way — both in terms of deterring attackers and making the cleanup and recovery process easier in case you do get hit.
- Maintain frequent backups, and make sure that you can restore from those backups within a reasonable time frame.
- Implement a robust security monitoring program that lets you see what’s happening in your environment in real time.
- Develop incident response procedures that will enable you to recover quickly, even in worst-case scenarios.
Taking preparedness to the next level with specialized assessments
When it comes to preventing ransomware attacks, another positive development is that growing numbers of cybersecurity service providers are now offering specialized ransomware assessments. Here at BTB, we’ve seen increased demand from our clients for these types of assessments, as more and more people become aware of just how much damage a ransomware attack could cause.
Ransomware assessments take basic penetration testing to the next level, using software to mimic how quickly a ransomware infection could spread across an organization’s IT environment. They can also show how different variants might proliferate, depending upon the criminals’ initial level of access to the network. This enables stakeholders to better understand how they can protect themselves. It also helps them appreciate just how sophisticated today’s cybercriminals really are.