Has there ever been a threat to your business quite like a ransomware attack? One that strikes without warning to cripple a company almost instantly; one that afflicts organizations regardless of their size, industry, or importance; or one that appears so unstoppable even to the well-prepared?
Nonexistent 30 years ago, ransomware has become an existential threat to literally every office in the world. There has arguably never been a threat that exists on this scale. Most alarming of all: ransomware is getting worse.
Recent events demonstrate how diabolical the ransomware threat has become. Attacks increased by 715% in 2020 as adversaries piggybacked off the disruption of the Covid-19 pandemic to catch victims with their guard down. In addition to being more aggressive, threat actors were more merciless about whom they targeted: A patient in a German hospital died after the equipment keeping him alive was disabled by ransomware, and a California university paid over $1 million in ransom to get its IT back online. The Colonial Pipeline attack showcased the numerous vulnerabilities in the US energy infrastructure, in addition to untold effects on the country’s economy. These are just three of the many abhorrent examples of adversaries picking the most sensitive targets to maximize the likelihood of payment.
That tactic appears to be working considering that ransomware payments rose by 100% in 2020. It shows no signs of stopping; an Apple supplier was recently hit with a $50 million ransom demand. With that, cybercriminals have tied the record for the largest ransom demand in history. If ransomware was worrisome before, it has taken on a truly terrifying character now. And no organization can consider itself immune.
However, that doesn’t mean everyone shares the same risk of a successful ransomware attack. In fact, it’s that attitude – one that sees ransomware as inevitable and unstoppable – that puts companies in the most vulnerable position. Instead of updating their security strategy to keep pace with the evolution of ransomware, they assume the situation is hopeless.
It’s not. You can fight back, but you must understand what you’re up against. With that in mind, consider four ways ransomware is evolving and what that means for your security strategy:
Ransomware Shifts From One Target to Many
The explosion of attacks we saw in 2020 looked a lot like the attacks from years past, at least in their early stages. Back then, attackers would use a phishing attack or exploit a known or unknown vulnerability to gain entry to an IT network. After this initial breach came a gradual introduction of automatic propagation methods, and eventually a shift to human-operated ransomware that disregards small networks. Today, a single target isn't enough anymore.
Today’s ransomware attacks move laterally through organizations by hunting for high privilege credentials and exfiltrating information. Their goal is to hit as many machines as possible – i.e., maximize the damage. More than just locking up the machines, they’re trying to steal data they can use for various nefarious purposes on top of demanding a ransom. The difference between this form of ransomware and earlier forms is the difference between an attack and an onslaught.
Preventing these lateral movements – not just hoping to detect them – must be a priority for the security team. Otherwise, a single ransomware attack could cut so deeply that it’s impossible to recover.
Human-Operated Ransomware Attacks Rise to Prominence
For all their effectiveness, ransomware attacks are simple. They follow an assigned pathway and fail if they encounter unexpected resistance along the way. With the advent of human-operated ransomware, however, the attacks have gotten much more sophisticated.
Instead of relying on malware to drive the attack, human-operated ransomware has an operator at the wheel, guiding it around resistance, through safety measures, and towards the most valuable target possible. These attacks are more persistent and, not surprisingly, far more effective and destructive.
How do you outsmart a human-operated attack? By shifting to a zero-trust framework. A preventive strategy saves time, money, and your reputation.
Spear Phishing Campaigns Replace Mass Phishing
Spear phishing campaigns have become the preferred delivery method for ransomware. Adversaries will pick an intended target, then customize an email message to sound as believable as possible. This sharply contrasts with regular phishing, which takes a broad-strokes approach of sending bulk emails to massive lists of naive contacts. Unsuspecting users will then click a link or download an attachment that results in malware infection. The FBI issued a warning about these campaigns in July 2020, when their frequency was 67% higher than at the start of the year. Spear phishing campaigns are also getting more sophisticated: with domain spoofing techniques, cybercriminals send spear-phishing emails from addresses that look exactly like authorized senders.
This can only mean one thing: more attacks that successfully breach the perimeter. And, as the previous three points emphasize, attacks can deal devastating amounts of damage once inside. Ransomware looks more formidable than ever.
How to Protect Your Organization
Faced with this threat, a cybersecurity strategy built around AV and EDR is doomed to fail. By the time these defenses kick in, it’s already too late. The best advice comes down to this: evolve or die. Prevention is the only defense that works. This means adopting a proactive cybersecurity strategy focused on zero trust, reducing the attack surface, and, of course, moving target defense.