4 MINS READ
Service
Cyber Security
Data & Cybersecurity for Robust Defense Against Cyber Attacks
Industry
Banking
Banking on purpose-led ecosystems
Highlights
- Ransomware attacks are becoming more sophisticated and more frequent.
- Ransomware campaigns often target deep-pocketed enterprise victims in critical sectors like healthcare, logistics, and local government.
- A robust defense against ransomware involves five elements: identify, protect, detect, respond, and recover both at the enterprise level and on the larger ecosystem front.
In this article
Holding to ransom
Today’s cyber domain is a bit like the high seas of the nineteenth century, rife with pirates and privateers.
Malicious cyber actors plague businesses and government agencies by infiltrating networks, encrypting online data, and holding it to ransom.
Ransomware is now a major criminal phenomenon, and according to many IT industry and government leaders, it’s a potential US national security threat. In its 2021 annual report on ransomware, Sophos, a prominent cybersecurity firm, found that over one-third of the more than 5,000 global companies said they were hit by ransomware in 2020. India, Austria, and the United States had the highest rate of targeting (and in that order). Blackfog cybersecurity researchers also list the United States, United Kingdom, and Canada as the top three targets of ransomware. And the impact is expensive: ransomware will cost its victims more around USD 265 billion annually by 2031.
Aside from financial gains and geo-political motivations, ransomware attacks can also be a test of the victim nation’s cyber defenses and responses. The May 2021 hack of Colonial Pipeline, which supplies almost half of all transportation fuels to the eastern US, halted operations for several days, causing gasoline shortages and panic-buying across multiple US states. Similarly, a ransomware attack on Ireland’s national healthcare system shut down its computer networks and disrupted medical service delivery for several months.
Changing forms of ransomware
Cyber pirates and privateers collaborating through the dark web produced the ransomware-as-a-service model.
The gist: ransomware creators license their malicious code to affiliates for a percentage of the illicit proceeds. Other cohorts gain access to victim networks, negotiate payments, and launder the proceeds when ransoms are paid.
Ransomware campaigns often target deep-pocketed enterprise victims in critical sectors such as healthcare, logistics, and local government that can’t afford to stop operating – even for a few days. Guided by human operators instead of the earlier malware-driven attack through spam emails, these are more difficult to detect and stop. Initial access to victim’s networks might be through sophisticated spear phishing, unprotected remote desktop ports, or vulnerabilities in internet-facing servers. Once inside, malicious actors carefully map networks, identify key databases, steal files, and encrypt them. Then they deliver ransom demands.
The growth of crypto currencies, like bitcoin and the private, untraceable Monero, contribute to ransomware’s spread because they provide a secure exchange and payment medium that often can’t be tracked.
Victim profiles
An obvious target is any organization with deep pockets or those affiliated with a well-resourced entity.
Educational institutions and entities backed by private, government, and public funds form an easy and obvious target for cyber actors. Financial institutions, automobile manufacturers, engineering, and chemical firms as well as organizations that deliver key services like water and electricity also rank high on attackers’ lists.
Victim organizations are susceptible to criminal leverage, such as valuable customer data, which on disclosure would result in serious financial consequences. For example, victim organizations are more likely to pay if they must adhere to the European Union’s GDPR or China’s new personal data privacy law because they would incur steep fines upon violation. Class-action lawsuits against companies that lose control of customer data introduces another hacker incentive.
Cyber criminals also seek out victims who are technically vulnerable. Ransomware groups are an increased threat to organizations with lax network defenses, out-of-date or unpatched software, weak or nonexistent data backup, and poor staff security practices. (Yes, this is one reason why you must change your password at regular intervals).
LONE OR JOINT DEFENSE?
There are several approaches to deter cyber criminals. The gold standard is a well-designed and implemented security framework, both at the enterprise as well as at the larger eco-system level.
These frameworks should borrow best practices from NIST, ISO, and CIS standards. For example, the NIST framework has five elements: identify, protect, detect, respond, and recover.
Enterprise-level security measures
The context and motivations behind ransomware attacks are constantly evolving, understanding this is key. Good defense is rooted in security practices that keep attackers out of your system and limit their ability to move within the network if they gain access. Prepare your defenses in advance with regular, offline, and immutable data, systems, and configurations backups. Regularly test rapid recovery of digital assets to quickly restore operations if an attack occurs. To reduce the hackers’ potential leverage, strictly adhere to regulations such as GDPR, ensure customer data is locked down, and segment networks to limit the spread of an attack. Don’t forget to develop a comprehensive map of your enterprise data and craft a detailed incident response plan. As the saying goes, it’s always better to be safe than sorry.
Ecosystem defense strategy
The combination of skills, experience, resources, information, and perspective from multiple organizations improves your defense against adversaries. This cooperative and ecosystem effort should be applied at different levels and may range from strategic to the tactical. For example, one of the priority recommendations of the Ransomware Task Force (RTF), led by the Institute for Security and Technology, is to adopt an internationally coordinated, comprehensive strategy to eliminate safe havens for ransomware operators.
These security principles are most effective when applied in collaboration with independent and unbiased cyber security partners who can help assess enterprise and ecosystem-level security control gaps and risks, analyze results, and suggest ways to strengthen your cyber defense.
