Network Computing is part of the Informa Tech Division of Informa PLC

Ransomware Attacks: You Can’t Protect What You Can’t See

If your company hasn’t experienced a ransomware attack yet, brace yourself because it’s coming.

IDC reports that 37% of organizations around the world were victims of a ransomware attack in 2021, while the FBI reported incidents of cybercrime have increased by 300% since the onset of the Covid-19 pandemic.

The cost of the damage is rising, too, with ransomware pay-outs climbing 82% in the first half of 2021, reaching an average of $570,000.

Bad actors are taking advantage of vulnerabilities introduced during the pandemic, as businesses have adopted remote working policies and accelerated digital transformation initiatives.

Six ransomware groups were able to bypass the cybersecurity defenses of nearly 300 organizations in 2021, charging victims more than $45 million in ransom. Some of the biggest vulnerabilities were introduced by remote workers, who caused security breaches in 20% of organizations.

Are ransomware attacks becoming more common?

Attackers exploit several common vulnerabilities to install malware. Some are technical, while others are created through human error:

  • Vulnerable VPNs, or unprotected devices used by remote workers to access corporate resources.
  • Hardware devices running outdated operating systems or missing critical security patches - something which is much more common now as IT estates expand to meet modern-day demands.
  • Attacks on unprotected mobile devices spread from device to device, leveraging obfuscation techniques to conceal malicious code and bypass security controls.
  • Phishing emails used to trick unsuspecting employees into downloading apps or visiting infected websites. Unless specifically trained to recognize a malicious email, employees are unlikely to realize they've let an attacker in.

In today's highly mobile work environment, one employee may be using multiple devices and accessing numerous cloud apps and services. If a hacker gets just one password, they can obtain the information they need to infiltrate several systems - including those that contain sensitive information or customer data.

That's when the real damage occurs, and not just in terms of dollars lost, as the reputational damage from a data breach can also put a company out of business.

What's more, today's cybercriminals can leverage an organization's global cloud infrastructure to launch an attack from anywhere. This has resulted in the trend toward "Ransomware-as-a-Service," where larger ransomware groups - such as REvil and DarkSide - sell malicious code to third-party buyers who can then quickly and easily launch attacks of their own.

A particularly disturbing trend for cybercrime is the increase in attacks on critical infrastructure. Hackers are increasingly targeting oil and utility companies, as well as governmental agencies, because they can demand higher ransom and expect to be paid sooner. One example is the Colonial Pipeline breach, which disrupted gas supplies in the U.S. and forced the organization to fork over $4.4 million in bitcoin.

Healthcare organizations are also particularly vulnerable. Comparitech found that in 2020, the healthcare sector was hit hard, with over $20 billion lost in ransom paid, revenue, and legal costs, as more than 600 healthcare organizations were affected by 92 attacks.

As the reliance on IT infrastructure for business operations grows, organizations big and small are under increased pressure to submit to a hacker's demands.

Take stock of your IT

To combat the rising tide of ransomware attacks, CIOs, CSOs, and businesses in general are focusing more on IT Asset Management (ITAM) and their IT inventory to arm themselves with the information they need to properly defend themselves.

You can’t defend against something when you don’t know what you have in the first place. By providing IT security teams complete visibility across the entire IT estate, along with extremely granular and accurate data about all hardware and software that comprise the IT infrastructure, organizations can proactively mitigate the risk of an attack before it happens. If an attacker somehow does manage to get through, security analysts can use the data to "stop the bleeding" before widespread damage occurs.

Advanced capabilities, such as deep scanning and Credential-free Device Recognition technology, are also being developed to shore up defenses. The technologies help automate security processes, continually scanning networks to detect and identify any connected device and consolidating all IT asset data into a single system of record that becomes a baseline for IT security.

The technology is also helping businesses keep on top of software patches and updates, a constant yet necessary evil. IT teams have traditionally relied on spreadsheets for tracking technology assets, something which simply isn’t sustainable in large enterprises or effective in blocking attacks.

By automating the process of discovering and identifying technology assets and creating a complete and accurate inventory, organizations have a single source of truth that keeps them one step ahead. Along with all the data they need to assess the health and state of their technology infrastructure, businesses can also ensure every device is equipped with the proper security software.

It’s also important in protecting unknown and rogue devices, an issue heightened by the shift to remote working. In the interest of boosting worker productivity, many organizations have also adopted a bring-your-own-device (BYOD) policy, but this has only helped increase the number of unprotected devices accessing the network.
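To make the inventory-as-baseline idea concrete, here is an added example (not from the article or from any vendor's product) that reconciles a network discovery scan against an asset inventory and flags unknown devices, stale patches, and missing security software. The device records, field names such as `edr_agent`, and the 30-day patch threshold are all assumptions made for illustration.

```python
from datetime import date

# Constructed sample data (not from the article): an inventory baseline keyed
# by MAC address, and the devices found by a later network discovery scan.
INVENTORY = {
    "00:1a:2b:3c:4d:01": {"host": "hr-laptop-01", "last_patched": date(2022, 3, 1), "edr_agent": True},
    "00:1a:2b:3c:4d:02": {"host": "file-srv-01", "last_patched": date(2021, 9, 15), "edr_agent": True},
    "00:1a:2b:3c:4d:03": {"host": "kiosk-07", "last_patched": date(2022, 2, 20), "edr_agent": False},
    "00:1a:2b:3c:4d:04": {"host": "old-printer-02", "last_patched": date(2022, 3, 5), "edr_agent": True},
}
SCAN = [
    {"mac": "00-1A-2B-3C-4D-01", "ip": "10.0.0.11"},
    {"mac": "00:1A:2B:3C:4D:02", "ip": "10.0.0.20"},
    {"mac": "00:1a:2b:3c:4d:03", "ip": "10.0.0.31"},
    {"mac": "de:ad:be:ef:00:99", "ip": "10.0.0.77"},  # not in the inventory
]
MAX_PATCH_AGE_DAYS = 30  # assumed policy threshold

def normalize_mac(mac):
    """Canonical lower-case colon form so scanner and inventory formats match."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def reconcile(inventory, scan, today):
    """Compare a discovery scan with the inventory baseline and return findings."""
    known = {normalize_mac(m): rec for m, rec in inventory.items()}
    findings = {"rogue": [], "stale_patch": [], "no_security_agent": []}
    seen = set()
    for dev in scan:
        mac = normalize_mac(dev["mac"])
        seen.add(mac)
        rec = known.get(mac)
        if rec is None:  # on the network but absent from the system of record
            findings["rogue"].append(dev["ip"])
            continue
        if (today - rec["last_patched"]).days > MAX_PATCH_AGE_DAYS:
            findings["stale_patch"].append(rec["host"])
        if not rec["edr_agent"]:
            findings["no_security_agent"].append(rec["host"])
    # Inventoried assets the scan did not find: retired, offline, or moved.
    findings["not_seen"] = sorted(r["host"] for m, r in known.items() if m not in seen)
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY, SCAN, date(2022, 3, 15)).items():
        print(f"{kind}: {items}")
```

MAC addresses can be changed by the device owner, so a production inventory would match on several attributes rather than on the MAC alone.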

Be ready for the next attack

Hackers are continuously coming up with new methods and techniques to do their dirty work, and even if you take every precaution, an attack can still get through.

Ransomware is here to stay, and regardless of the security protocols you put in place, hackers are committed to finding ways around them. And even though you may not be able to prevent an attempted attack, you can outsmart the attacker.

Taking a proactive stance by ensuring you have the insight and technology intelligence you need to spot, isolate, and stop an attack is your best defense.

Roel Decneut is Chief Strategy Officer at Lansweeper.