Ransomware is the biggest cybersecurity threat that the world faces today. The attacks are relentless and growing more sophisticated than ever. The impact of such attacks can cause to business and the economy. According to IBM: ‘in 2022, ransomware attacks accounted for 41% of breaches ’.
In the US, there is regular reporting from agencies warning of ransomware threats. At the start of March, the CISA (Cybersecurity and Infrastructure Security Agency) published a statement that Royal ransomware is picking up steam, raising alarm over the threat of the group’s activity gaining additional traction. As a consequence, the CISA released a new advisory about the ransomware group stating that “after gaining access to victims’ networks, Royal actors are able to disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems”. The Royal ransomware group is made up of highly seasoned ransomware attackers who have many similarities to the infamous Russia-linked hacking group called Conti.
The group is said to be targeting critical infrastructure in the US specifically, notably the healthcare sector whereby demands for ransoms have been in between $250,000 to over $2 million. However the group has also been targeting the education, finance, manufacturing and communications sectors. With every event, the threat actors have been able to “publish 100% of the data that was allegedly extracted from the victim”, the Department of Health and Human Services in the U.S confirms.
In February 2023, SiliconAngle reported that “the oldest US federal law enforcement agency; the Marshals Service; was hacked in a ransomware attack, resulting in the theft of sensitive data”. The agency made a statement expressing that a “major incident impacted a ‘standalone’ computer system which contained records about targets of ongoing investigations, employee personal data and internal processes”.
At the end of last month, the Biden administration shared a 39-page National Cybersecurity Strategy document that listed recent ransomware attacks in the US alongside proposed mandatory regulations and liabilities for software makers and service providers to adhere to moving forward. With the threat of ransomware at an all time high, the Biden administration has expressed the “more capable and better-positioned actors in cyberspace to become responsible stewards of the digital ecosystem”. The administration acknowledged that the burden of mitigating cyberattacks and threats disproportionately falls on end-users such as small businesses, individuals, infrastructure operators and state and local governments.
No industry is immune from the threat of ransomware attacks. It is clear that now is the time for companies to make additional investment in developing a ransomware protection strategy. Part of this strategy should include developing a ransomware recovery plan. Businesses should embrace the mentality of ‘when an attack happens’ instead of focusing on ‘if an attack happens’. By doing so, they will be better prepared for mitigating the overall damage of such an attack. The first step of this plan is to identify and protect critical data. Step two is to implement solid and robust backup procedures so a firm can continue to work irrespective of the damage caused by the attack. If we look at the Marshals Service example, the hackers were able to access files that were stored on a standalone computer. If such files are not backed up, this can be significantly damaging for the continuation of work and operations. When it comes to developing a ransomware strategy, firms should create an incident response plan so they are able to swiftly react in the event of an attack. Working with an outsourced specialist cybersecurity provider such as RFA is a great way to improve and implement such a strategy. We work alongside our clients to design, develop and deliver a ransomware strategy that is tailored to their business’ needs.