26 May Ransomware: A perfect storm
According to the report, normalizing the act of paying a ransom to cybercriminals does nothing to protect anyone from ransomware. Ransomware has become a perfect storm, driven by a number of factors that help cybercriminals hack corporate networks. They're succeeding because a large number of victimized businesses are willing to pay the ransom.
The ‘perfect storm of conditions’ has come together, according to a report by the Royal United Services Institute (RUSI) and cybersecurity firm BAE Systems, allowing ransomware attacks to spread like wildfire across the globe.
These factors include everything from how easy it is for cybercriminals to obtain and distribute ransomware, to how the COVID-19 pandemic has made it easier for malicious hackers to gain access to networks.
However, a large number of ransomware victims pay the ransom, which makes cybercriminals more likely to pursue this line of attack, and the act of paying ransom demands has become commonplace.
“As the organizations that pay a ransom to solve a problem increases, the acceptable notion of paying a ransom rises,” the paper warns, adding that the ability to recoup ransom payments through cyber insurance may encourage ransom payments even more.
And, thanks to the rise of ransomware as a service, even low-skilled cybercriminals can now get involved with ransomware. The attackers pay fees or subscribe to a service that provides pre-packaged ransomware that they can use in their attacks.
Some of these as-a-service offerings are minor, while others, such as REvil, result in ransomware attacks in which victims pay hundreds of thousands of dollars, with the ransomware authors taking a cut of the money. Eager to make as much money as possible, many ransomware operators advertise their offerings, complete with customer service, on underground forums in order to attract as many users as possible.
“Recent evidence indicating that ransomware operators are actively recruiting new talent is a concerning sign that the threat’s scale is still growing,” the research paper warns.
Ransomware groups: Potential storm
Ransomware groups are constantly evolving, which has contributed to the attacks' success. Ransomware attacks were already effective, but the attackers behind Maze added a new weapon to compel victims to pay up: the threat of leaking stolen data if the ransom is not paid. Following the success of this “double extortion” technique, a number of other ransomware groups have adopted it as an additional method of forcing victims to pay the bitcoin ransom.
Ransomware's success is also aided by the variety of ways to gain access to networks. Phishing, brute-force attacks attempting to crack weak passwords on remote desktop protocol services, and exploiting technical weaknesses are all used by ransomware attackers to get access to the systems they require.
Remote working has made it easier for cybercriminals to gain access to networks and launch ransomware attacks. Employees who are working from home rely on email and remote services. This lets cybercriminals take advantage of the weaker security to infect corporate systems with ransomware.
Finally, the report concludes that ransomware attacks will cease if ransomware becomes unprofitable. That requires organizations to become secure enough to avoid falling victim to attacks in the first place. Timely patching of critical vulnerabilities, the use of multi-factor authentication wherever possible, and reinforced phishing awareness training are among the recommendations for securing networks.