A heady combination of sophistication and greed has driven cyber criminals to the next level of disruption
By George Ralph, Global Managing Director and CRO
The days of cyber threats being somebody else’s problem are long gone, and how we protect our businesses, workforce and data from attack is a constant source of concern for all business leaders. It is important to understand cyber attackers for what they are at the highest level: extremely well provisioned and well-funded organisations that have access to best-in-class hardware and some of the most elite criminal minds currently practising in the technology sector. These shadowy organisations develop their tech and programming at a pace that equals our own on the other side of the cybersecurity war.
Attacks on critical infrastructure have been a major concern for years, a decade at least, but they have accelerated in recent months. Highlighting the vulnerability of the networks and infrastructure on which governments, corporations, and in fact, all of us rely, attacks on infrastructure, with the aim of totally disrupting supply chains, have become more frequent.
Now these attacks have transitioned from random individuals hacking into systems to sophisticated criminal enterprises focused on ransomware. We know that cyber breaches have become more focussed on instantaneous financial gain, rather than securing information or causing disruption, so the infrastructure attacks make sense. Think Colonial or JBS. Removing access to fuel and food for huge swathes of the population will trigger an emotional reaction and elevate the attackers’ success in their quest for a financial payout. The bigger the target, the bigger the return. A cyber-physical event, where actual real-world processes get halted, means the likelihood of a financial payout increases significantly. As we become more connected, the vulnerabilities will continue to increase too.
While ransomware has long posed a cybersecurity threat to companies, last year was especially shocking, with ransomware victims in the US paying out nearly $350M, according to the global security group the Institute for Security and Technology – a 311% increase over 2019.
Attacks are also rising because of remote working. The number of opportunities for network breaches increased massively when we moved away from traditional on-prem firewall systems. But it is more than that: where we have built more robust cloud-based SaaS solutions, criminals have also become more organised and their ability to execute ransomware attacks has increased.
And let’s not forget the rise of digital assets. Cryptocurrency, which is easier to send online and less traceable than traditional money orders, has facilitated the trend in ransomware attacks. Crypto has made it much easier for cyber criminals to extract money from organisations. We find ourselves in the unfortunate situation where our networks are harder to secure and demanding untraceable funds is easier.
We have also seen the rise of ‘ransomware-as-a-service’, a kind of outsourced cyber-attack service where large organisations, REvil and DarkSide being two examples in recent months, provide their criminal services on behalf of a third party who wishes to launch an attack on their chosen target. For a cut of the ransom, the expert service will launch the attack on your behalf. When we stop to think about the eventual consequences of this, it is extremely unsettling. Most seem to be based in Russia, and Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere, because they bring money into the country.
The best form of defence is prevention, and there is no question that preventing cyberattack requires specialists. State-of-the-art defences, including machine learning tools, AI and behavioural analysis tools, can monitor platforms and applications as well as human behaviour. By deploying a 24/7 Security Operations Centre (SOC) to manage the reporting on those tools, a firm can rest assured that their networks are being monitored even when they are not working.
Using an SOC and specialist engineers, who actively monitor networks for anomalies and are trained to detect known threats, is a great way to block attackers and infiltration tools before it is too late. It is also good practice to set up appropriate vulnerability and penetration testing and train your teams. The more we make cyber security part of our day-to-day workflow and conversation, the less it becomes a taboo subject.
Every time a firm opens up a new connection, there is a risk of cyberattack. Ransomware is just one of the debilitating options used by hackers to ransom your business professionally and financially.
SaaS capability such as an outsourced managed security service combines continuous monitoring of endpoints, networks, applications and web resources with user behaviour analytics and investigations by teams working from a dedicated SOC. Because it can observe behaviour and activity continuously in real time and correlate the data across thousands of events each day, an advanced AI solution gives your firm far better reach and scalability than traditional cybersecurity solutions. Machine learning enabled technologies, in conjunction with the knowledge you can access from an MSP security expert team, mean your endpoints have the same security as a traditional network, preventing threats from entering at any point and moving laterally. Look for an outsourced partner who is already working with funds with similar strategies to your own, allowing you to benefit from that knowledge as you embark on your own next gen cybersecurity project.