Cyber Security Awareness: Ransomware

“Organizations and consumers are frequently exposed to the clear and present danger of sophisticated phishing and ransomware cyber attacks.”

Over the last several years, ransomware has remained a “clear and present” cyber security threat for organizations and individuals around the world. As companies have gone increasingly digital, cyber criminals have sought to maximize their profits by exploiting the vulnerabilities that come with a rapidly expanding cyber ecosystem.

Global cyber threats include ransomware, common hacks such as phishing and malware, or complex state- sponsored spying efforts like with SolarWinds. And, the frequency of today’s cyber attacks is growing and compelling companies to secure their networks with the most modern threat detection technology.

Ransomware is a malware that infects computers (and mobile devices) and restricts their access to files, often threatening permanent data destruction unless a ransom is paid. It has reached epidemic proportions globally. According to the Cybersecurity and Infrastructure Assurance Agency (CISA): “Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.”

These cyber attacks against U.S. companies and organizations result in shutdown of critical infrastructure, which can create shortages, increased cost of goods/services, financial loss due to shutdown of operations, and loss of money due to having to pay the ransom to the hackers, and worse.

Ransomware costs include ransom payouts, damage and destruction (or loss) of data, downtime, lost productivity, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hostage data and systems, reputational harm, and employee training in direct response to the ransomware attacks.

Source: Cybersecurity Ventures

For example, the DarkSide hacker gang is an organized group of hackers set up along the “ransomware as a service” business model, meaning they develop and market ransomware hacking tools, and sell them to other cyber criminals who then carry out cyber attacks. Additionally, DarkSide steals private data and threaten to make it public unless the victim pays a large sum of money — typically in the range of $200,000 to $2 million, according to CNBC. The FBI has determined that DarkSide was behind the devastating Colonial Pipeline ransomware cyber attack which targeted the company’s billing system and internal business network. Subsequently, the company reportedly paid out $4.4 million dollars in bitcoin. Fortunately, US law enforcement was able to recover much of the $4.4 million ransom payment.

Human element

“Ransomware is expected to attack a business every 11 seconds by the end of 2021.” Steve Morgan, Editor-in-Chief, Cybersecurity Ventures

Ransomware still uses social engineering as its main infection vector,” says KnowBe4’s Sjouwerman. “Some 91% of cyberattacks begin with a “spear phishing” email, according to research from security software firm Trend Micro.

Spear phishing is an increasingly common form of phishing that makes use of information about a target to make attacks more specific,sophisticated and “personal”. These attacks may, for instance, refer to their targets by their specific name or job position, instead of using generic titles like in broader phishing campaigns.

According to research firm Cybersecurity Ventures, ransomware damages will reach $20 billion this year, up more than 100% from 2018 and 57 times higher than in 2015.

As cyber attacks and ransomware continues to grow in frequency and severity, it’s essential that individuals receive security awareness training that specializes in making sure they understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering and apply this knowledge in their day-to-day online activities.

Additionally, it’s imperative that organizations employ an endpoint detection and response (EDR) tool which can provide the visibility and cyber protection that organizations need.


References:

  1. https://www.cnbc.com/2021/05/27/cybereason-ceo-was-in-israel-bomb-shelter-telling-world-about-darkside.html
  2. https://blog.knowbe4.com/bid/252429/91-of-cyberattacks-begin-with-spear-phishing-email
  3. https://illinois.touro.edu/news/the-10-biggest-ransomware-attacks-of-2021.php
  4. https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/
  5. https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Advertisements