Cybersecurity and Ransomware Attacks on the Rise: How Prepared are You?
A recent Forbes article noted 2020 saw an increased number of cybersecurity attacks and record-breaking data loss statistics due to breaches. Additionally, Statista reported 304 million ransomware attacks globally in 2020, almost double the 188 million reported in 2019.
According to the Statista report, spam or phishing attempts are the most common vectors for ransomware. They account for 54% of ransomware delivery methods, while bad user practices and lack of adequate cybersecurity training round out the top three at 27% and 26%, respectively.
The sad fact is that cybercrime is a growing, highly lucrative industry. Cybersecurity Ventures estimates cybercrime costs will reach a staggering $10.5 trillion by 2025, a 15% year-over-year growth rate. A significant part of this growth is ransomware: multi-pronged attacks that capture organizations’ data and systems.
Cybersecurity threats are growing. The SolarWinds hack took everyone by surprise. The attack was touted as the largest and most sophisticated the world has ever seen, and Microsoft president Brad Smith suggested that it required over 1,000 engineers to create. While the attack was so discreet that it’s impossible to determine exactly how many engineers were involved, it’s clear that thousands of businesses, organizations, and government agencies were affected. Now, as we struggle to regain a sense of security, the question becomes how to avoid the dangers of the next attack.
The recent ransomware attacks on JBS USA Holdings Inc. (the world’s largest meat processor) and Colonial Pipeline (one of the largest fuel conduits in the U.S.) have put everyone on high alert. They underscore the brazen nature of organized, deliberate cyberattacks on increasingly significant targets, and the chronic vulnerability to, and inability to defend against, such attacks.
What is a Ransomware Attack?
Ransomware is a type of malware that malicious actors use to encrypt a victim’s files, effectively locking the victim out of them. The perpetrators then demand a ransom payment, in the form of hard-to-trace cryptocurrency, in return for restoring access to the files; victims who refuse risk losing their data or having their confidential information leaked.
Reasons Contributing to Ransomware and Other Cybersecurity Attacks
Experts attribute the recent surge in ransomware attacks over the past year to a confluence of factors, including:
- A work-from-home boom due to COVID-19 resulting in new IT vulnerabilities
- The difficulty of tracing cryptocurrency transactions
- Ready-made ransomware-as-a-service (RaaS)
- A political climate marked by developing and ongoing tensions between the U.S. and both Russia and China
Cybersecurity experts attribute the increasing number of cybersecurity incidents to cryptocurrency anonymity. Today, malicious online actors make tens of millions of dollars from hacking because they have a virtually untraceable form of payment. In contrast, the international banking system and its money trail make it extremely hard to get money out without a trace.
Another worrying cybersecurity trend is government-backed (state-sponsored) malicious actors. For example, the FBI attributed the JBS attack to REvil and Sodinokibi, two Russia-based hacking groups. At the same time, it attributed the Colonial Pipeline breach to Darkside, a criminal organization based in Eastern Europe.
Russian intelligence has cooperated with Eastern European cybercriminals before, according to U.S. cybersecurity authorities. While the motivation for the cybercriminals is financial, Russia has a political reason for allowing these groups to exist, although it also helps to have billions of dollars stolen from global companies injected into the Russian economy.
How Do Ransomware Attacks Occur?
Victims of cyberattacks inadvertently allow cybercriminals access to their computer systems or networks. Criminals take advantage of vulnerabilities, such as inadequately trained employees, unprotected endpoints, or unpatched systems. Criminals gain access to systems through methods such as:
- Trusted vendor connections
- Social media messages, such as Facebook friend requests
Cybercriminals design these messages and attachments to look authentic and to trick employees into clicking on them, which gives malicious actors access to company files and information.
In other cases, experienced hackers break into an organization’s systems or network through publicly exposed interfaces, for example, unpatched Microsoft Exchange servers.
Ransomware-as-a-service is an emerging business model in which ransomware variants are leased to cybercriminals. As a result, it has increased the number of malicious actors who can pull off attacks effectively, creating a new generation of hackers who only need access to the dark web and rudimentary hacking skills.
The recent attack on Colonial Pipeline and its conclusion (the company paid roughly $5 million in ransom) have shown another worrying trend: victims forced to choose between being unable to operate their businesses and paying ransoms.
How Firms Can Respond to Cybersecurity Attacks
Companies and organizations need to have incident response plans to follow during a cybersecurity event. They should immediately loop in the legal department and senior management to ensure that the work-product doctrine and attorney-client privilege protect the ensuing investigation and response. This reduces the risk of exposure in any subsequent legal claims and class action lawsuits.
Victims must also notify their insurance carrier from the outset to determine whether their policy provides coverage, and have any offer to pay ransom pre-approved before any communication. The decision to pay ransom rests with senior management and the board.
Depending on the incident’s severity and other factors, the organization should file a report with the FBI detailing the indicators of compromise (IOCs) to help track threat groups. The best protection for companies is taking active steps to reduce risks rather than dealing with ransomware demands.
Capitulation and big payouts resolved many recent high-profile ransomware attacks, such as Colonial Pipeline (nearly $5 million) and JBS USA Holdings Inc. ($11 million).
However, the FBI reiterates that paying ransoms does not guarantee that the hackers will give you back access or stolen data. It only offers an incentive for others to target more victims. Businesses, on the other hand, argue that time spent negotiating or outwitting hackers can result in detrimental business consequences and significant financial losses.
How to Prevent Cybersecurity Attacks
Unfortunately, there is a global cybersecurity resource scarcity with over 3.5 million unfilled jobs by 2021, according to Cybersecurity Ventures. In response to the recent spate of cybersecurity-related attacks, the Department of Homeland Defense (DHS) plans to hire 150 cybersecurity professionals during each of the fiscal years 2021 and 2022.
However, companies and organizations must also take preventive measures to safeguard their data, systems, and networks from cyberattacks. To solve the resource scarcity problem, companies can either hire a cybersecurity expert to join their IT team or outsource to a professional services firm like Accume Partners, which provides internal audit, risk management, regulatory compliance, and advisory solutions.
Over to You
Despite the cybersecurity resources from law enforcement agencies and regulatory bodies such as DHS, CISA, the FBI, USSS, and MS-ISAC, companies also have to take proactive measures to prevent and mitigate cybersecurity attacks. These include good preparation, cybersecurity hygiene, and an incident response plan that can help your company reduce the risks of attacks and be prepared to handle the unthinkable.
Accume Partners offers a range of services around cybersecurity preparedness and serves hundreds of community banks, technology providers, insurance companies, asset managers, and businesses spanning several vertical markets. We create practices and solutions to solve real-life cybersecurity issues. Contact us today to learn about compliance and how to get and stay secure.