Posted by Geraldine Hunt on Tue, Jan 12th, 2021
…and How to Prevent a Ransomware Attack?
Ransomware is arguably both the most concerning and most successful form of cyber-attack that business has ever had to deal with. This insidious threat has been around in its modern form since the 2000s, using tried and tested social engineering tricks, helped out by vulnerabilities found across our technology and IT networks.
Well-established it may be, but ransomware is going nowhere. According to Kroll, a company that performs global investigations into cyber-risk, ransomware was the most observed threat in 2020. Here is a look at the impact that ransomware has had on the industry in 2020 and how to prevent ransomware attacks.
2020 The Year of Ransomware
The scourge of ransomware looks set to continue with an increase of 40% in ransomware attacks during Q3 of 2020. This equates to almost 200 million infections, globally. Some of the lowlights of ransomware in 2020 include:
Increasing Ransoms and Ransomware The Leveler
2020 not only saw a surge in ransomware but the ransoms being demanded increased. A report from the insurance sector, “H1 2020 Cyber Insurance Claims Report” saw a 100% increase in ransomware demand. The report also pointed out that 87% of all claims made were due to three types of attacks: ransomware, funds transfer fraud, and business email compromise (BEC), with ransomware being the top claim type. The report also highlighted that ransomware is the great leveler; the losses from a ransomware attack being as severe for smaller organizations as for larger enterprises.
Ransomware Got Even Nastier
All ransomware attacks are nasty and cause a major impact on all types of organizations infected with the malware. However, there were some notable nasty ransomware attacks in 2020. One particular example stands out. An attack on a German hospital ended in the death of a woman who was turned away from the affected hospital as they could no longer take in patients; the re-routing of the patient to another hospital delayed treatment resulting in her death.
Covid-19 Themes and Ransomware
According to KPMG, Covid-19 themes were behind many ransomware campaigns during 2020. Organizations were targeted with realistic looking emails using Covid-19 related content. Cybercriminals also took full advantage of home working, offering free downloads of online collaboration tools to encourage the user to click a link or open an infected attachment.
Using Covid-19 related email scams to deliver ransomware is expected to continue into 2021. Security experts predict that ransomware threats will be propagated using Covid-19 vaccine related emails in the coming months.
Ryuk, a Case Study
Ryuk ransomware seems to be the weapon of choice for ransomware attackers in 2020. Attacks using Ryuk accounted for over one-third of all ransomware attacks in 2020, with 67.3 million infections caused by the malware by Q3, 2020. Ryuk is not a new type of ransomware but it is used persistently and new ways of infecting devices with Ryuk are always being explored. A recent example was a 2020 Ryuk ransomware campaign based on phishing emails that directed targets to a Google document on a GDrive. The target recipients were tricked into clicking the link with the promise of an important financial statement.
Ransomware Attacks in 2020
It is unlikely that we will suddenly see the demise of ransomware attacks. Instead, organizations of all types and sizes have to head off this cyber-threat with a proactive security stance. There is no one-size-fits-all solution to ransomware prevention. Instead, the enterprise can use a mix of detect and prevent along with disaster recovery (if the worst does happen):
Detect and Prevent
Ransomware can enter the network using several techniques, this includes hackers finding vulnerabilities in commonly used services such as Remote Desktop and its associated protocol (RDP). However, phishing is still a major route for malware (including ransomware) to enter the corporate network. To prevent ransomware from infecting a device and subsequently infecting a network, your organization should:
- Implement robust multi-factor authentication if it's available. If an app only uses passwords, enforce the use of a strong password, and update regularly.
- Be security aware. Train all staff, including system administrators, about phishing and how to spot spear-phishing as well as more general email phishing.
- Use a Web Content Filtering platform. This prevents employees from navigating to dangerous websites that may infect a network with ransomware
- Use an email protection service to stop spam emails. Some best-of-breed email protection systems will proactively protect Office365 email and run anti-virus checks on any incoming emails.
- Use a monitoring system designed for the modern malicious threat. These systems leverage smart technologies such as machine learning to detect threats in real-time.
If the worst does happen, and your system is infected by ransomware, the damage can be minimized if you have a secure backup system in place.
Other Considerations for Reducing Risk of Ransomware Attacks
Security is rarely an on/off switch. To create a secure working environment, especially one that may include a large number of remote workers, an organization needs to create a culture where security is second nature. This means turning to cloud-based security services that are designed to take the weight off an IT department in terms of securing data and IT resources. Modern security solutions are built to aid the IT team and provide security monitoring, reporting, and prevention, controlled using remote management interfaces to allow easy configuration.
2020 has been a challenging year for everyone and ransomware has only added to this. In 2021, we are unlikely to see cybercriminal activity decrease. The fraudsters behind ransomware will continue to use the technique to make money, and in doing so cause harm to organizations. By being proactive and using the right tools for the job, cyber criminals will not be able to hit your organisation with a ransomware attack.
Make security second nature in your organisation with TitanHQ. Be ready for cyber criminals and prevent ransomware attacks. Get access to a free trial WebTitan today to test out all the protective features available.