According to a recent and interesting report from Cybereason, ransomware has evolved and organized itself into a real business worth millions.
A joint report by the United States, Australia and the United Kingdom, published in early February 2022 by the Cybersecurity and Infrastructure Security Agency (CISA), describes an increase in the complexity of ransomware operations, with constant evolution during 2021, growing technological sophistication and, as a consequence, greater global danger to organizations.
These advanced ransomware attacks, called RansomOps, involve much more complex and targeted attack sequences carried out by trained actors who are certainly not improvising. They are also much more intricate attacks that aim to remain hidden in order to spread as far as possible in the victim's network before the ransom demand is sent.
In this new scenario, criminal organizations have also structured themselves to carry out targeted attacks on the one hand, while on the other they invest the illicit proceeds in the search for ever newer and more advanced solutions. They are helped in this by the lack of preparation of the victims, who pay high ransoms to get their data back even when they do not succeed.
In the event of a ransomware attack, there is no need to pay the ransom.
In fact, 80 percent of the victims who decided to pay the ransom were subsequently hit by a second attack, very often by the same perpetrators. Not only that, 54% of affected companies reported that some or all of their data was damaged during the recovery process: paying the ransom does not mean regaining access to all encrypted data, because the decryption utilities provided by the attackers do not always work properly.
It should also be remembered that paying the ransom can incur heavy penalties from the government for supporting criminals who sponsor terrorism. Obviously, the consequences of a ransomware attack damage not only the affected company but also the entire chain of customers, suppliers and related production: data is a precious resource for those who handle it. According to a report from Cybersecurity Ventures, the overall volume of ransomware attack operations was 304.7 million in the first half of 2021, a 151% increase over the same period last year and over 100,000 more attack attempts compared to the whole of 2020.
How to stop the spread of ransomware attacks.
The most common method of distribution remains phishing emails, followed by vulnerabilities in browsers and operating systems and insecure RDP, which leaves the door open to intrusions. Corporate structures themselves also fall within this risk landscape: the damage caused by such an attack has a domino effect not only on production but also on employees, with consequent layoffs. Network mapping can prevent similar attacks: it can prevent account breach attempts and credential theft, report unusual attempts to access other network resources, detect data exfiltration and file encryption attempts, and block execution of the malicious code that precedes the encryption of systems. Some companies have also taken out insurance that covers damage from ransomware-related risk, in addition to strengthening data backups to avoid the loss of data in the event of an attack. Finally, new technologies on the defense market such as XDR (Extended Detection and Response) solutions identify threats in advance by correlating telemetry from the entire network, and will be an indispensable support for technical security personnel in anticipating malicious actions before the attack.