When pressure from law enforcement led to the disbandment of several high-profile ransomware gangs during 2021 and 2022, analysts and companies alike wondered what this meant for the threat of ransomware. Some speculated that these attacks would eventually fade into relative obscurity, but ransomware still regularly makes media headlines.
Cybersecurity Ventures boldly predicted a marked increase that will see ransomware striking every two seconds by 2031. So, what does this mean for your security defenses and how can you stay protected if the threat landscape worsens?
The dissolution of notorious gangs like Conti and REvil appeared to offer some respite for organizations from ransomware. It was perhaps even natural that attacks temporarily went down as other groups and actors exercised caution against attracting too much attention.
Months of decline came to an end midway through 2022 with a surge of attacks. The threat of ransomware doesn’t appear to be dwindling, even if the tactics have evolved over time to incorporate data exfiltration and double extortion.
Many sectors remain vulnerable
It takes time for the recognition of cybersecurity weaknesses in a sector to translate into long-term improvements in security postures. Industries like healthcare rely on legacy computer systems that often lack robust security features; evolution gets hindered by a lack of tolerance for downtime, employee resistance and other factors.
In the education sector, most schools and universities can’t compete with the level of funding that large organizations and enterprises allocate to their cybersecurity strategies. Other sectors and smaller companies also lag behind in basic security measures, which makes them attractive targets for ransomware actors.
For the companies that suffer most from a lack of resources, chronic cybersecurity staff shortages don’t magically go away. This shortage leaves the vital human element in security lacking sufficient expertise to deal with a more menacing ransomware threat landscape.
The allure of low-risk, high-reward
Ransomware attacks offer cybercriminals an almost unbeatable balance between risk and reward. The reward side of this balance changed favorably when companies shifted their focus from individuals to businesses in 2016 and 2017.
Previously, ransomware attacks tended to offer pretty low rewards in the order of a few hundred dollars from an unsuspecting victim. Today, the worst-hit organizations pay out millions of dollars when their sensitive data gets held to ransom and/or their critical systems get locked down.
The risk side of the balance remained relatively static even as the rewards grew. While growing media coverage has increased the spotlight on certain groups from law enforcement and security researchers, the anonymity offered by cryptocurrency payments makes it difficult to trace payments to anyone. It’s also hard to even identify threat actors when they communicate on closed dark web forums and Telegram channels.
Low technical barriers
Modern ransomware attacks are relatively easy to launch and require minimal technical knowledge in developing malicious software. Ransomware-as-a-service (RaaS) platforms and dark web marketplaces make it easy for even novice cybercriminals to carry out these attacks against any business by simply buying or renting a package of ready-made ransomware tools.
Aside from the easy availability of sophisticated ransomware variants, many brokers on the dark web even sell initial access into targets’ networks. This bypasses the need to use spearphishing or other methods to find a way in. Along with tools and initial access, RaaS gangs also lease out their command and control infrastructure, which simplifies the task of persisting access to networks and exfiltrating data.
The prediction of a new wave of attacks doesn’t seem far-fetched given that all of the above factors remain relevant. Ransomware is a highly lucrative business model that costs businesses over 1 billion dollars per year, companies remain susceptible to attack and opportunistic hackers constantly evolve their tactics. If a predicted increase in ransomware attacks transpires, what are your best options?
Deploy a multi-layered security strategy
A defense-in-depth approach is crucial for dealing with the threat of ransomware. Organizations simply can’t afford to depend on single layers or points of failure in their defenses. Defense in depth means using multiple layers of security capabilities across people, technology and operations.
To truly deal with ransomware, it’s more prudent to make the assumption that you will be hacked than to think you can just keep the bad guys out. This assumption facilitates a more holistic approach in which you layer defenses across prevention, detection, recovery and other complementary tactics.
Deploying a multi-layered security strategy might see you implementing staff training, multi-factor authentication, secure network configuration and endpoint security tools as preventative controls. Network segmentation, incident response, SSL visibility and threat hunting help with detection and response while a solid backup strategy helps you rapidly recover the availability of your most vital systems and data if they get locked down by a ransomware variant.
Leverage managed detection and response
Managed detection and response (MDR) provides you with a proactive approach to detecting and responding to potential ransomware attacks. MDR services fill critical cybersecurity gaps by using outside experts to monitor your network and systems 24/7, using advanced technologies such as machine learning and behavioral analytics to identify and investigate potential threats.
Security experts at MDR service providers give you uniquely battle-hardened knowledge that comes from dealing with a greater volume and variety of threats than the typical organization ever sees. Accessing expert knowledge and skills without any need to navigate a labor market defined by talent shortages saves a huge burden in time and cost while giving you noticeable improvements in your ransomware defenses.
Lastly, some MDR providers offer advice that can guide you on how to respond to ransomware attacks and develop incident response plans that are tailored to your specific needs. This can include recommendations on how to isolate infected systems, assess the scope of the attack, and determine the best course of action.
Nuspire’s MDR service readies your organization for combating the threat of ransomware. Thwart attacks in the cloud, on the network and on your endpoint systems with cyber threat monitoring and rapid incident response that’s always on the lookout.