Prevention is better than cure: the ransomware evolution

Jack Garnsey, Product Manager Security Awareness Training and SafeSend, VIPRE, explains that both detection and prevention play a key role in stopping ransomware, but it shouldn’t be one or the other. He explains that by taking a preventative approach, businesses can take the necessary steps to strengthen their cybersecurity posture. This includes a combination of education, processes, hardware and software to detect, combat and recover from such attacks if they were to arise. 

Ransomware tactics have continued to evolve over the years, and remain a prominent threat to both SMBs and larger organisations. Particularly during the peak of COVID-19, research by IBM found that ransomware incidents ‘exploded’ in June 2020, which saw twice as many ransomware attacks as the month prior, taking advantage of remote workers being away from the help of IT teams. The same research found that demands by cyber attackers are also increasing to as much as £31mn, which for businesses of any size, is detrimental for survival.

In recent months, ransomware attacks have not left mainstream media headlines. And with the number and frequency of ransomware attacks increasing, not to mention the innovation in distribution methods, this should be a wake-up call for organisations to strengthen their defences.

Ransomware in the 21st Century

Ransomware is not a new phenomenon, but its use has grown exponentially and has led to the development of the term ‘Ransomware as a Service’ (RaaS), which is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute attacks.

As ransomware incidents become more sophisticated and frequent, such as the increase in fileless attacks that exploit tools and features already available in the victim’s environment, the level of potential damage to a business is heightened. These types of attacks can be used in combination with social engineering targeting, such as phishing emails, without having to rely on file-based payloads. And unfortunately, ransomware is extremely difficult to prevent – all it takes is one employee clicking on the wrong link in an email or downloading a malicious attachment. 

No matter the size of an organisation, the effects of ransomware can be devastating financially and inflicting longer-term damage to business reputation. The Irish Department of Health and Health Service Executive (HSE) was recently attacked by The Conti ransomware group, who reportedly asked the Health Service for US$20mn (£14mn) to restore access. This attack caused substantial cancellations to outpatient services, part of a system already stretched to the max due to COVID-19. Some ransomware gangs operate by a flimsy code of “ethics”, stating they don’t intend to endanger lives. Still, even if a minority of ransomware organisations are developing a sense of conscience, businesses are not exempt from the damage that can be done from such attacks. 

Additionally, in the US, Colonial Pipeline paid the cyber-criminal group DarkSide nearly $5mn (£3.6mn) in ransom, following a cyber-attack that took its service down for five days, causing supplies to tighten across the US. Unfortunately, when under attack, most businesses, such as the major pipeline, often pay the ransom. Luckily for Colonial Pipeline, some of the money was later recovered by the American Department Of Justice’s Ransomware and Digital Extortion Task Force. But if they pay once – they will pay multiple times. A successful ransomware attack can be used various times against many organisations, turning an attack into a cash cow for criminal organisations offering Ransomware as a Service. So much so, that there is now an ongoing debate around whether it should be illegal for businesses or an individual to pay a ransom in order to try and deter the attackers, or at the minimum, to at least report it to the necessary regulators. 

Contain and Report It

If a ransomware attack were to occur, it is important that the organisation works with local authorities to rectify the issue and follow the guidance. Often, many ransomware attacks go unreported – and this is where a lot of criminal power lies. 

Prevention is always better than cure, and damage limitation and containment are important right from the outset. But, as the United States President, Joe Biden, highlighted in his recent letter to business leaders around ransomware: “The most important takeaway from the recent spate of ransomware attacks on U.S., Irish, German and other organisations around the world is that companies that view ransomware as a threat to their core business operations, rather than a simple risk of data theft will react and recover more effectively.” 

Most organisations should have a detailed disaster recovery plan in place and if they don’t, they should rectify this immediately. The key to every disaster recovery plan is backups. Once the breach has been contained, businesses can get back up and running quickly and relatively easily, allowing for maximum business continuity. 

As soon as the main threat has passed, it is recommended that all organisations conduct a full retrospective audit, ideally without blame or scapegoats, and share their findings and steps taken with the world. Full disclosure is helpful – not only for the customer, client or patient reassurances but also for other organisations to understand how they can prevent an attack of this type from being successful again. 

The Support of Digital Tools

When it comes to ransomware, the importance of getting security foundations right must be emphasised. These attacks are not likely to stop or slow any time soon, but their success can be prevented with the right security armoury. 

Particularly to mitigate the threat of ransomware, it is crucial to have secure endpoint protection in place that protects the file, application and network layer across many devices and responds to security alerts in real-time. This has never been more important than during the ongoing pandemic, where employees are dispersed and working from home in order to ensure all devices are protected and comply to the same standards. 

Additionally, email attachment and URL sandboxing solutions are also vital, as these digital tools provide vital protection against malicious emails. They can help prevent dangerous links, attachments or forms of malware from entering the users’ inbox by examining and quarantining them. By filtering out this traffic and automatically restricting dangerous content, businesses can maintain greater control over email and the access points to the network.

The Human Layer

The users themselves are a key part of any security strategy. Those who are educated about the types of threats they could be vulnerable to, how to spot them and the steps to take in the event of a suspected breach are valuable and critical assets to any organisation.

Employees need to be trained to be vigilant, cautious, suspicious and assume their role as the last line of defence when all else fails. The final decision to click send on an email or a link lies with the human, but this one click could mean the entire organisation falls prey to a ransomware attack. The key is to change the mindset from full reliance on IT to one where everyone is responsible. In order to strengthen a business’ human layer protection, security awareness training and education must be implemented across the board.

These programmes are designed to support users in understanding their role in helping to combat attacks and malware. Using phishing simulations, for example, as part of the wider security strategy will help to give employees insight into real-life situations they may face at any point. The importance of testing your human firewall was also outlined in Joe Biden’s ransomware letter: “Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.

Conclusion 

Cybersecurity is a multi-faceted, complicated area, and one which must receive investment in each layer, from the technology to the people to the tools we give to the users. Nevertheless, businesses of all sizes can safeguard their data and themselves from these types of ransomware attacks by investing in their cybersecurity and ensuring their workforces are conscious and informed of the threats they face. 

READ MORE:

Both detection and prevention play a key role in stopping ransomware, but it shouldn’t be one or the other. The essence of a solid cybersecurity strategy is a layered defence that includes endpoint detection and response, email security, advanced threat protection, web security and a business-grade firewall for the security of your network – at its most basic. But even with the most sophisticated software in place, hackers make it their mission to stay one step ahead of IT defences. That is why regular training and complementary security tools that reinforce security best practices can provide a fortified strategy for users to mitigate the threat of a cyberattack.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Amber Donovan-Stevens

Amber is a Content Editor at Top Business Tech

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...

Automated Testing Tools and Their Impact on Software Quality

Natalia Yanchii • 09th October 2024

Test automation refers to using specialized software tools and frameworks to automate the execution of test cases, thereby reducing the time and effort required for manual testing. This approach ensures that automation tests run quickly and consistently, allowing development teams to identify and resolve defects more effectively. Test automation provides greater accuracy by eliminating human...

Custom Software Development

Natalia Yanchii • 04th October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 04th October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing. At Testlum, we met many software development teams who were pressured to deliver new features and updates at a faster pace. The manual...

The Impact of Test Automation on Software Quality

Natalia Yanchii • 03rd October 2024

Software systems have become highly complex now, with multiple interconnected components, diverse user interfaces, and business logic. To ensure quality, QA engineers thoroughly test these systems through either automated or manual testing.

Custom Software Development

Natalia Yanchii • 03rd October 2024

There is a wide performance gap between industry-leading companies and other market players. What helps these top businesses outperform their competitors? McKinsey & Company researchers are confident that these are digital technologies and custom software solutions. Nearly 70% of the top performers develop their proprietary products to differentiate themselves from competitors and drive growth. As...