While an uptick in attacks was expected due to the US presidential election, cybercriminals are also leveraging the COVID-19 pandemic and remote work to wreak havoc on organizations.
Ransomware appears as a big business in Asia-Pacific that witnessed a surge in 2019. According to Security Endpoint Threat Report 2019 by Microsoft Asia Pacific (APAC) continued to experience a higher-than-average encounter rate for ransomware attacks, making a 170 percent higher than the rest of the world.
With the pandemic putting millions of workers at home, cybercriminals gained a larger attack surface as the result of the fast and widespread shift to remote work. The weak security of home networks makes it easier for cybercriminals to compromise them, move laterally to business networks, and launch ransomware attacks. In a market report, Barracuda finds 51% of the respondents said they have already had at least one cyber security scare since shifting to a remote working model during the COVID-19 lockdown.
It’s not just attacks that are on the rise. Ransoms and ransom payments are, too. In many cases, ransoms are now more likely to be paid, and these demands often exceed a million dollars. Of the cases studied, 14 percent were confirmed to have paid the ransom, and the average payment was US$1,652,666. In one extreme example, Garmin was reported to pay US$10 million in ransom.
In addition to stealing data, encrypting files, and demanding ransom, cybercriminals are also demanding payment from victims, to avoid publicly disclosing information obtained that could cause public humiliation, legal issues, and hefty fines.
Many cybercriminals are now combining the use of ransomware and data breaches to double the leverage over their victims in this way. Barracuda finds 41 percent were a combined ransomware attacks and data breach. If the ransom is not paid, victims’ data is dumped on the threat actors’ servers or auctioned off on the dark web.
Defending against ransomware attacks
The rapidly evolving email threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway, including closing the technical and human gaps, to maximize security and minimize the risk of falling victim to sophisticated ransomware attacks.
- Spam filters / phishing-detection systems
While many malicious emails appear convincing, spam filters, phishing-detection systems, and related security software can pick up subtle clues and help block potentially threatening messages and attachments from reaching email inboxes.
- Advanced firewalls
If a user opens a malicious attachment or clicks a link to a drive-by download, an advanced network firewall capable of malware analysis provides a chance to stop the attack by flagging the executable as it tries to pass through.
- Malware detection
For emails with malicious documents attached, both static and dynamic analysis can pick up on indicators that the document is trying to download and run an executable, which no document should ever be doing. The URL for the executable can often be flagged using heuristics or threat intelligence systems. Obfuscation detected by static analysis can also indicate whether a document may be suspicious.
- Block lists
With IP space becoming increasingly limited, spammers are increasingly using their own infrastructure. Often, the same IPs are used long enough for software to detect and add them to block lists. Even with hacked sites and botnets, once a large enough volume of spam has been detected, it’s possible to temporarily block attacks by IP.
- User-awareness training
Make phishing simulation part of security awareness training to ensure end users can identify and avoid attacks. Transform them from a security liability into a line of defense by testing the effectiveness of in-the-moment training and evaluating the users most vulnerable to attacks.
In the event of a ransomware attack, a cloud backup solution can minimize downtime, prevent data loss, and get your systems restored quickly, whether your files are located on physical devices, in virtual environments, or the public cloud. Ideally, you should follow the 3-2-1 rule of backup with three copies of your files on two different media types with at least one offsite to avoid having backups affected by a ransomware attacks.
Although ransomware has been around for more than two decades, the threat has been growing rapidly in recent years. Cybercriminals use malicious software, delivered as an email attachment or link, to infect the network and lock email, data, and other critical files until a ransom is paid.
These evolving and sophisticated attacks are damaging and costly. They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses. Organisations must improve their security posture to defend business from disruption.