Ransomware attackers are doubling down for both data and money
Cybercrooks are casting wider nets to snag the unwary as working from home makes it easier for attackers to infiltrate computer networks and infect devices, causing cyberattacks to increase exponentially.
Cyber criminals are getting bolder with new tricks up their sleeves. Research predicts that ransomware will attack a business, consumer or a device every 11 seconds this year, with remote workers experiencing a sharp uptick in threats. Cybercrooks are casting wider nets to snag the unwary as working from home makes it easier for attackers to infiltrate computer networks and infect devices, causing cyberattacks to increase exponentially.
In Singapore, more people are falling victim to cyber incidents, up from 28 per cent in 2019 to 37 percent in 2020, according to figures from the Cyber Security Agency of Singapore (CSA). This worrying trend reflects the global prevalence of cyber incidents.
While ransomware attacks on large businesses, such as the recent cyberattack that exploited multiple vulnerabilities in Kaseya's software, dominate international headlines, smaller organisations are not spared. In Singapore, CSA received 89 reports of ransomware in 2020, a 154 per cent increase over cases reported in 2019 - and this covers only those who choose to report to the authorities. Affected entities were mostly local small and medium enterprises (SMEs) from several sectors, including healthcare, manufacturing and retail.
Many SMEs prefer to deal with cyberattacks on their own as they fear the potential reputational damage from negative press. This unfortunately puts them at risk of losing their businesses entirely due to a lack of resources to navigate such incidents single-handedly.
VICIOUS EXTORTION CYCLE
If your company's data is held hostage, what can you do to remediate its effects? Some organisations choose to pay the ransom because it appears to be the fastest and most cost-effective solution to recover encrypted data. But it does not end there. Cybercriminals today have tightened their grip.
Attackers are asking for more - the average ransom has soared to over US$178,000 in 2020 and is projected to reach up to US$20 billion. To add salt to injury, attackers seldom deliver on their promise despite the hefty price tags they demand.
In April this year, Cybereason issued a report Ransomware: The True Cost to Business that included data from over 1,200 cybersecurity executives globally, including in Singapore, and found that while over half of victims pay the ransom, only 46 per cent regained access to their servers, with some or all the data corrupted.
Organisations that paid ransom demands in the past were not immune to subsequent ransomware attacks either. The same Cybereason survey found that 80 per cent of those who paid the ransom were attacked again, often by the same perpetrators, restarting the vicious cycle of extortion.
Instead of paying the ransom, companies are often advised to adopt a data protection and recovery strategy. But doing so gets more challenging as cybercrooks continue to expand their arsenal.
With new tactics on the rise, such as double extortion attacks, attackers steal data before locking them. A ransom is then demanded to unlock the files or, increasingly, to prevent them from being leaked. What is worse, paying up provides no guarantee that the stolen data would not continue to be exploited or auctioned on the dark web.
The rise of digital transformation, for better and worse, has inevitably paved the way for more sophisticated cyberattacks. In response, we must wake up and acknowledge that traditional threat prevention strategies are no longer adequate to prevent data loss and theft. Not today.
Many organisations believe they have the right people on the job and specific plans to manage ransomware. Yet, data from the Cybereason survey reveals that a false sense of confidence may bolster such beliefs because 81 per cent of those organisations are still highly concerned about the risks of ransomware attacks, despite having taken steps to fight ransomware.
PREVENTION STILL BETTER THAN CURE
What can businesses do to strengthen their security? Prevention is still the best strategy for managing ransomware risk. Here are three initial recommendations to consider to protect your company's networks, systems and devices.
Firstly, follow security hygiene best practices. Ensure security teams carry out timely patch management to eliminate vulnerabilities and perform regular offsite data backups that can be accessed during emergencies. For the wider company staff, especially those who work remotely, provide them with the necessary awareness training, so they know the security dos and don'ts.
Secondly, deploy multilayer prevention capabilities. Think of your multilayered security strategy as a series of filters - the more filters in place, spanning across your remote access, key applications and servers, and cloud-based systems, the better your company's ability to sift out the unwanted and retain a strong security posture.
Thirdly, implement extended detection and remediation solutions across your digital environment. That would provide added visibility, which helps end advanced ransomware attacks before they can gain footing on the network.
These steps require investment and efforts from organisations - although they cannot promise total threat prevention, they go a long way in equipping the business with the right capabilities to detect and respond to ransomware attacks before threat actors strike.
KEEP YOUR DATA CLOSE AND YOUR DATA THIEVES CLOSER
While keeping your company's data safe is essential, keeping on top of your enemies is even more critical as it enables you to defend your most critical assets should they attack. Cyber criminals have grown emboldened with years spent honing their techniques. As their tactics evolve, so must our security measures and tools. We need to keep pace with cybercrime trends to stay steps ahead of their next attack.
A silver bullet that can end ransomware does not yet exist. But we are one step closer to that end when we focus on fixing the root causes that enable attackers in the first place. And it starts from fostering a healthy cybersecurity culture where employees are trained to recognise and report suspicious behaviour, and the right technical safeguards are in place to reduce the probability of severe business disruption.
Your data or your money - that is no longer the question from cybercriminals today. They want both. They have the means to exploit us, but the good news is, so do we to defend ourselves. The sooner we fight back, the better our chances of prying free their unwelcomed fingers from our data and keeping them locked out, where they belong.
- The writer is general manager for Apac, Cybereason
Source: Business Times © Singapore Press Holdings Ltd. Permission required for reproduction.