As the headlines showed this year, the pandemic has been a breeding ground for ransomware attacks. Since moving to decentralised systems, businesses are being targeted by ransomware regularly. Ransomware has become such a frequent occurrence that many are now saying it represents the biggest threat to online security for most individuals and businesses in the UK.
Unfortunately, this situation is getting worse as hackers have only just begun. Whether they are state-sponsored attacks or ransomware-as-a-service practitioners seeking a profit, cybercriminals are attacking the highest-profile target they believe they can penetrate and who will pay.
A global threat
From hospitals and schools to infrastructure and government sites, no one is immune from ransomware. Because of this imminent threat, ransomware is no longer just a single organisation’s cybersecurity issue – it has become a global security risk that can impact public safety.
Recent attacks have reinforced this point. In 2020, we saw the first case of a fatality being linked to ransomware. An attack on a German hospital invaded 30 of its servers, which caused the hospital’s IT systems to gradually crash. As a result, the hospital wasn’t able to provide emergency care and had to reroute a patient to another hospital. The patient tragically passed away shortly after.
In May, an attack on the Colonial Pipeline shut down its systems for days, causing widespread panic in the United States over fuel shortages. Temporary outages were reported in 11 states, with many governors declaring states of emergencies. If these attacks tell us anything, it’s that ransomware is not only disrupting businesses but impacting peoples’ lives and their access to critical services.
Putting an end to a continuous cycle
When ransomware strikes, organisations often end up paying the ransom to prevent further disruption or in some circumstances, even risk to life. This year we’ve seen this alarming trend reach new heights with some of the biggest ransomware payouts in history.
Examples include the CEO of Colonial Pipeline paying $4.4 million in hopes to get systems back online. Meanwhile, chemical distribution company Brenntag paid the same amount after experiencing an attack from the same ransomware gang – DarkSide. However, the largest known payment thus far has come from insurance firm CNA Hardy, which paid $40 million.
Security practitioners have continued to say “it’s not a question of if, but when” every organisation will be impacted. The only thing left to decide is how organisations will meet this moment.
Being prepared is key
The more an organisation prepares and is able to quickly respond when an attack occurs, the less damage there will be to systems, finances, and its reputation. The first step in ransomware protection is data segmentation. Whilst an organisation would not want any of its data compromised by ransomware, the reality is some data is more valuable than others. With a rise in exfiltration attacks, it is critical that businesses are more vigilant in keeping their critical data away from hackers. Therefore, businesses should separate their data into defined buckets and understand what needs additional protection. In order to further reduce the attack surface, maintain data lifecycle and retention policies. This will also allow an organisation to more easily maintain compliance with data privacy regulations.
When attacked, a business must be able to recover its data quickly. This means they need to manage all of their data by backing it up automatically and securely. Backup security is also paramount. Ransomware hackers target backup systems because they are a business’s last line of defense and a central pool of all data. Utilising a cloud-based solution can be an effective and powerful way to protect these backups. Don’t forget to frequently run test restores of those backups as part of an active disaster recovery mechanism.
A key step that should not be overlooked is to educate teams on cybersecurity hygiene. Employees need to be made aware of common security threats such as phishing and know how to avoid them. Every employee should complete cybersecurity awareness courses on at least an annual basis; even more successful programs weave training throughout the year with simulations.
The road ahead
It’s clear that ransomware has become too large of an issue for one organisation to overcome on its own. But whilst hackers will continue to relentlessly extort and exploit companies, progress has been made. Efforts such as the Ransomware Task Force have been a great first step at addressing this issue. The coalition published a report earlier this year that advocates nearly 50 interlocking government and private sector strategies to tackle the criminal scourge.
And there are steps we can all take. The more businesses that have tools readily available to recover from an attack, without giving in to ransom demands, the less incentivised hackers will be to make their strike. By understanding and segmenting data, securely protecting it in the cloud, and boosting cybersecurity awareness across organisations, ransomware can become less of an imminent threat, and just a manageable inconvenience.