Mar 01 2022

Why Ransomware Keeps Growing — and What Businesses Can Do About It

As this threat area thrives, a multipronged approach to protection can significantly reduce your company’s risk.

Cyberattackers are constantly looking for new ways to compromise systems and create havoc, but when they find something that works, they stick with it. Consider the consistency of phishing — more than 90 percent of attacks still start with a successful phishing email.

Ransomware, meanwhile, is a more recent addition to the mix. Over the past two years, ransomware has proved itself both useful and profitable for attackers. In 2021, the threat was so pervasive that cybersecurity firm SonicWall called it the “year of ransomware.” The company’s threat intelligence data lends credence to the title: Over the first three quarters of 2021, ransomware attacks spiked 148 percent, topping out at 1,748 attempts per customer in Q3, the highest number ever recorded.

For businesses, the rapid rise of ransomware is worrisome: More attacks happening more quickly means increased chances for compromise. To stay ahead of attackers, it’s critical for companies to understand the driving forces, recognize common strategies and deploy solutions that can render ransomware less risky.

What’s Driving the Rapid Spread of Ransomware?

According to Dmitriy Ayrapetov, SonicWall vice president of platform architecture, the pandemic is partly responsible for the higher volume of ransomware. “Many companies are now five to seven years ahead of their previous plans for digitization,” he says. “What this means is that attack surfaces are bigger and more fragile.”

The shift to commercialized attacks also plays a role in ransomware’s spread. “About 18 months ago, we noticed that attackers began moving away from emails to start targeting vulnerabilities,” Ayrapetov says. “There was also a shift to a channel-based model that saw attackers changing from writers and operators to using Ransomware as a Service options.”

In practice, Ransomware as a Service groups work like affiliate programs: Would-be hackers get access to prebuilt ransomware tools and then give a fixed percentage of their profits back to the creators.

What Strategies Are Attackers Using to Compromise Systems?

As Ayrapetov points out, attackers have realized the value in vulnerabilities for successful ransomware attacks.

“All software has vulnerabilities,” he says. “If I’m an attacker, I don’t need to trick a person to click a file. I can now keep track of vulnerabilities, then scan the internet for specific instances of these vulnerabilities and exploit them.” In addition, he points to the rise of custom code that allows attackers to establish persistence on business networks and identify the best avenue for ransomware attacks.

Malicious actors have also moved past the single-extortion phase of demanding bitcoin or other payment for the release of critical files. “Now, attackers are carrying out double extortion — they want payment and threaten to leak data,” Ayrapetov says. “They’re also conducting triple extortion, which sees them sifting through data to find a contact, customer or patient list and also applying pressure to them.”

For Ayrapetov, the shift in tactics and techniques means ransomware isn’t going anywhere. “Today’s cybercriminals demonstrate deliberate reconnaissance, planning and execution to surgically deploy tool chains targeting enterprise and government infrastructure,” he says. “This results in larger victims and leads to higher ransoms.”

How Businesses Can Protect Themselves from Ransomware

Ayrapetov suggests a multipronged approach to reducing ransomware risk that focuses on both detecting attacks before they reach business networks and defending against intrusion when — not if — attacks occur.

Solutions such as SonicWall’s patented Real-Time Deep Memory Inspection (RTDMI) can help detect evasive malware payloads that attempt to hide in plain sight and fool traditional security countermeasures. Ayrapetov points to the rise in weaponized documents — everything from PDFs to Excel and Word documents designed to appear legitimate and wreak havoc once they’re past the perimeter. By looking past the obvious to what’s underneath the data surface, RTDMI can spot threats before they gain a foothold.

“On the network side,” says Ayrapetov, “businesses need intrusion prevention. It’s such an unsexy topic — it’s two decades old, its death has been predicted for years, but now it’s having its moment.” SonicWall’s Capture Advanced Threat Protection (ATP) solution leverages machine learning across network endpoints to analyze file behavior using a multiengine sandbox platform that includes full system emulation, virtualized sandboxing and hypervisor-level analysis along with RTDMI.

Put simply? With ransomware on the rise and showing no signs of slowing, the sooner businesses identify what’s happening and where it’s coming from, the better. And while there’s no foolproof way to foil attackers’ efforts, a multipronged approach to protection can significantly reduce ransomware risk.
