How Attractive is your Business to Ransomware Gangs?

By Sekuro Hackcelerator 2021 Mentee, Mia Symonds 

Introduction

Ransomware is driving worldwide cybercrime chaos, with high-profile businesses, government agencies, and infrastructure operators falling prey to cyber-criminals every week. [1] 

Behind these assaults is an increasingly professional industry, with affiliate networks working together to discover, penetrate, and extort lucrative targets. The gangs that create and operate the malware that allows these assaults to take place are at the core of this enterprise. Some criminals employ ransomware to directly extort victims, whereas others provide Ransomware-as-a-Service (RaaS), which allows other criminals to target certain organisations for a fee. [2] To elaborate, ransomware gangs play a role in this process by licensing their software to other criminals in exchange for a percentage of the ransom they may obtain from their victims.

One example of a ransomware gang is LockBit, which operates using a RaaS model similar to those of DarkSide and REvil.

LockBit uses an affiliate arrangement to make its ransomware platform available to other individuals or entities.[3] Any ransom payments collected by LockBit are distributed between the customer who directed the assault and the LockBit gang itself. The Australian Cyber Security Centre (ACSC) advises against paying a ransom in the event of a ransomware attack as there is no guarantee that cyber-criminals will decrypt files once the ransom is paid, and paying a ransom demonstrates a willingness to give in to criminal demands, which could give rise to further criminal activity.[4] Despite this advice, many businesses, particularly those with important infrastructure, panic and pay the perpetrators extortionate sums. Fear is profitable, and these ransomware gangs are taking full advantage of it.

After years of increasing cyber-attacks, the emergence of ransomware has changed the threat landscape for all businesses. The Federal Bureau of Investigation (FBI) released a private industry notification (PIN) warning that ransomware gangs were attacking businesses that were engaged in time-sensitive financial transactions. The gangs, according to the bureau, look for non-public financial information and threaten to release it if the victims are uncooperative with ransom demands.[5] The agency notes that ransomware gangs utilise approaching events that might impact a business’s stock price, such as mergers, acquisitions, and announcements, to force victims to pay. [5] Businesses that wish to keep the event discreet, or that do not want their intellectual property released online where rivals may acquire it, frequently yield and pay the ransom demand.

At present,

It appears that businesses from every industry are vulnerable to ransomware attacks, and it is difficult to discern which organisation in which industry is a target. It is a risky notion to believe that any business is too small to be in the sights of a ransomware gang. Last year, 55% of ransomware attacks struck businesses with fewer than 100 employees.[6] However, a broader look at how ransomware has evolved in the last few years will allow Information Technology (IT) professionals and businesses to gain an increased understanding of how much danger their organisations may potentially be in.

Data is under constant attack from sophisticated adversaries, and risks are growing at an extremely rapid rate. Businesses must ensure that their organisational goals and objectives factor in the long-term implications of ransomware attacks on their cyber posture, as well as understand the roadmap and resources that are required to avoid and mitigate future assaults. Advanced threats are typically hidden as they move across networks in the background. Furthermore, as the number of devices connecting to a network grows, paired with ever-changing operating environments, so does the complexity of detecting and mitigating potential exposure to ransomware.

To maintain full visibility and security, businesses need to ensure regular threat hunting, continuous monitoring, and persistent access rights reviews.[7] The National Institute of Standards and Technology (NIST) guidelines outline the need for businesses to leverage a zero-trust architecture to reduce the overall risk of a cyber-attack. Zero-trust minimises a business’s attack surface by assuming that anything that has access to their data, including devices, users, cloud assets, and virtual infrastructure, is a potential threat.[8]

Conclusion

With high-profile incidents requiring extensive response teams becoming more common, having enough cyber-security competence is more important now than ever before. Therefore, businesses should endeavour to expand funding and training for cyber-security professionals as they continue to hire their employees. The recent influx of large-scale cyber-attacks and the continuous increase in assaults has awakened businesses to the necessity for better cyber procedures across all industries. To tackle the rising danger of ransomware, a transition to a data-centric security approach is required, combined with a utilisation of public-private partnerships, the retaining of leading cyber talent, and the guidance of government standards and policies.

Sekuro's ransomware readiness assessment

Sekuro’s Ransomware Readiness Assessment simulates the real-world Tactics, Techniques, and Procedures (TTPs) utilised by ransomware adversaries and cyber-criminal organisations to compromise and deploy ransomware throughout corporate Windows environments, enabling your organisation to understand gaps and remediate its exposure to this common and growing risk.
