Security

How the Ransomware Landscape Is Changing

Attacks are getting more sophisticated as threat actors update their tactics. Here’s what they’ll try next.

Anthony Cusimano is a cloud solutions evangelist for Veritas Technologies.

Ransomware threats are on the rise. An attack is likely to occur every 11 seconds in 2021, according to Cybersecurity Ventures, and the problem will only worsen as malicious actors develop even more sophisticated methods to encrypt corporate data.

The biggest reason for the increase in is simple: These attacks work. A certain percentage of businesses do pay up. It’s modern-day piracy.

Years ago, cyberthieves focused on consumers. However, stealing an individual’s identity and hacking into that person’s bank account is small potatoes. Criminals have shifted their attention to enterprises because that’s where the big money is. The bad guys know that if companies don’t get their data back, they can’t do business, which means lost revenue. They also know how much their victims can afford to pay. The average ransom payment was $154,108 during the third quarter of 2020.

A Tidal Wave of Ransomware

COVID-19 is another factor. The pandemic has accelerated the adoption of remote work and multicloud strategies, opening up new attack vectors. Threat actors still target individuals, but now the goal is to persuade employees to click on a well-crafted phishing email. All it takes is to fool one person, and they are in the corporate network.

Fully remote work environments created a resiliency gap. As staff remotely connected to corporate data centers and adopted cloud services, the traditional security infrastructure and policies were no longer sufficient.

IT departments implemented new security measures, of course, but some have not been able to keep up with the complexities of the new environment. This resiliency gap has ransomware operators salivating.

Take a company in the midst of a digital transformation, for example. With software development teams working from home, mistakes happen.

Software code is incredibly valuable data for companies. It’s their secret sauce. In the past, development teams could not take code out of the office. It was inside a corporate network.

Now, imagine a developer sharing code on Microsoft Teams or Cisco Webex. If the code can intercepted, it can beheld for ransom.

Ransomware technology is still very much in its infancy. Over time, it will improve its social engineering tactics and get better at finding vulnerabilities in hardware and software. Soon, criminals will even use artificial intelligence to make smarter decisions on the best employees to target for phishing attacks.

We will also see increased attacks from Ransomware as a Service, a subscription-based model that allows cyberthieves to attack businesses without having to develop ransomware themselves. Ransomware as a Service is still niche, but attacks from these services will become much more common this year as more criminals try to use ransomware to make money.

How to Protect Your Business

To defend themselves, companies must implement security measures and tools that protect their corporate data. The National Institute of Standards and Technology’s Cybersecurity Framework is a good place for organizations to start. The NIST framework features five pillars that businesses should follow: identify, protect, detect, respond and recover.

Protection is a key pillar. Best practices include providing employees with security awareness training, using endpoint security tools and making backup copies of data. For many businesses, the question isn’t if they will get infected by ransomware, but when. A backup copy of data can allow them to recover without having to pay ransom.

The key is to deploy immutable backup storage. It is immutable in that the data is encrypted and written once and can never be changed. No one can penetrate it or overwrite it. If businesses have immutable storage, it’s all the backup they need.

tihomir_todorov/Getty Images