There’s an old joke that goes, “What kind of writing is most lucrative? A ransom note.” It’s funny because it’s true. 2021 saw a surge in ransomware attacks on businesses, and according to Unit 42, a security consulting team at Palo Alto Networks, the number of cyber extortion cases will likely grow in 2022.
As Threats Grow, So Do the Payouts

The number and size of payments made by businesses and organizations to the perpetrators are also on the rise. Among the 2021 incident response cases (mostly involving US-based victims), the average ransom demanded was $2.2 million. This represents a 144% increase from the average demand of $900,000 in 2020. While those numbers are higher, Unit 42 also points out in its report that ransom payouts are still significantly less than initial ransom demands. The security team calculated that the actual average payments were just 42% of the initial ransom amount.

To get more money, cybercriminal groups are now diversifying their skillsets. These organizations use multipronged attacks to threaten their victims into compliance. For example, they might issue warnings that they will release sensitive company data on dark web leak sites if the victim doesn’t pay up. You can’t argue with the results. The pressure prompts victims into making payments without the group even having to deploy ransomware. And it’s no bluff. Unit 42’s analysis in its 2022 Ransomware Report shows ransomware groups posted 85% more victim data on the dark web last year than in 2020.

Meanwhile, as PCMag’s Michael Kan reports, ransomware software continues to menace organizations large and small. FBI officials say ransomware attacks hit U.S. critical infrastructure hundreds of times just last year. The main targets were in the financial services, healthcare, and information technology sectors. The FBI’s report says ransomware strains REvil, Lockbit 2.0, and Conti can all be traced back to hacking groups that have members suspected of operating out of Russia.
The Business of Ransomware

All of the above has led to a situation where enterprising threat actors work smarter, not harder. Unit 42 reports that criminal entrepreneurs now offer ransomware-as-a-service (RaaS) to like-minded ne’er-do-wells. RaaS works similarly to the software-as-a-service your business may use for its day-to-day functions. The RaaS group establishes agreements that set the terms for providing actual ransomware to affiliates in exchange for a monthly fee or a percentage of ransoms paid. RaaS lowers the barrier to entry for criminal wannabes and expands ransomware’s reach.
How to Prepare for a Ransomware Attack

Grandma used to say, “A stitch in time saves nine.” In other words, bolster your defenses against a ransomware attack before it occurs. Unit 42 offers ten ways businesses can keep safe or at least minimize ransomware’s impact on their day-to-day operations.

1. Stay educated and up to date on ransomware risks. Keep an eye on news concerning the latest threats (subscribing to SecurityWatch is a fine start). Make sure your ransomware protection software stays updated, too.

2. Know what data you stand to lose. If you know what data is at risk for your company and where it’s all stored, you will know how to prioritize scheduling backups and investing in offsite storage.

3. Make sure everyone you work with is focused on security. Third parties, partners, and supply chain elements could all introduce ransomware risks that could affect your company. Talk with anyone who accesses your data about their security plans.

4. Review and test your incident response plan. Who will you call to get your computers back online during a ransomware attack? How much are you willing to pay to get your data back? How long can your business remain offline during a security incident? It’s important to create and regularly review an incident response plan to make sure you aren’t at the mercy of a ransomware group.

5. Implement a zero-trust strategy. Eliminate implicit trust. This means every authorization request and every session must be validated before a user can continue on the network. Validating at every stage of every digital interaction makes it harder for attackers to get in and wreak havoc.

6. Identify your exposed assets. What’s on your social media feeds? What’s in your inbox? Any information about yourself and your business you make public is in danger of being exposed in a data breach or used as fodder for ransom attacks. Don’t get caught unawares.
Protect your logins with complex, hard-to-guess passwords that you keep in a password manager’s encrypted vault.

7. Identify and block potential threats. Keeping exploits, malware, and command-and-control traffic at bay takes away any easy targets from attackers.

8. Learn how to automate your protection. Use tools such as antivirus protection that will detect ransomware threats early so you can respond and recover quickly.

9. Secure your cloud presence. To launch ransomware attacks in cloud environments in the future, criminals will probably use tactics we have yet to encounter. Prepare your business by using identity and access management software to secure cloud APIs.

10. Reduce response time with retainers. Keep incident response experts on speed dial. They can help you create a budget for responding to a ransomware threat and thus act faster to get you back in business.
What Else Is Happening in the Security World This Week?

Update Your iPhone Now: Apple Releases Patches for iOS, iPadOS, Mac Zero-Days. The flaws appear to have been actively exploited.

Do You Really Need to Buy an Antivirus App or a VPN Anymore? Isn’t the built-in security on today’s PCs, phones, and tablets good enough? The answer depends on the OS you’re running.

Despite Arrests, LAPSUS$ Hacking Group Strikes Again, Hitting IT Supplier. Software services firm Globant confirms it was hacked after the LAPSUS$ group dumps a 70GB archive allegedly stolen from the company.

Viasat Hack Tied to Data-Wiping Malware Designed to Shut Down Modems. Security firm SentinelOne says malware known as AcidRain was likely used to take down Viasat’s satellite internet network during Russia’s invasion of Ukraine.

CleanMyMac X Now Flags Russian, Belarusian Apps as ‘Suspicious’. What’s running on your Mac?