The Rise Of Ransomware Attacks

26th August 2021

What typically starts with someone clicking a seemingly harmless link sent to their email can lead to a crisis that destroys businesses, stoke geopolitical tensions, and impact the global economy.

Recently, there has been a sudden rise in ransomware attacks. These attacks left important American infrastructure vulnerable, caused disruption in major supply chains, thereby making it evident that many organizations are vulnerable to insidious cyberattacks.

The rise of ransomware attacks in the last year is due to various factors. These include the popularity of difficult-to-trace cryptocurrency, a boom in WFH (work-from-home) practices that have created new vulnerabilities, and a tense political climate between America and Russia.

WFH and Increased Cyber Attacks

In this article, I will discuss why ransomware attacks have increased in the last year, how they have evolved, and why appropriate cybersecurity measures are crucial to protect your data.

Due to the Coronavirus, many organizations have shifted to remote work. This has resulted in various cybersecurity challenges as most organizations lacked the experience, protocols, and technologies for secure WFH practices. Lack of cybersecurity awareness amongst employees, and lack of control/reduced security over personal devices further added to the problem.

Naturally, businesses experienced more cyber threats and more data breaches. Malwarebytes reports that around 20 percent of organizations have faced a data breach since the beginning of the pandemic. Consequently, they had to deal with increased costs and unexpected expenses. Many organizations now realize how crucial a WFH cybersecurity strategy is to minimize vulnerabilities and reduce their attack surface.

Colonial Pipeline Attack

A recent target of a ransomware attack was Colonial Pipeline. One of the largest oil pipeline systems in the United States, Colonial Pipeline was forced to halt its operations or pay the ransom demands of the criminals. This attack resulted in the temporary shutdown of a company that provides about half of East Coast’s fuel consumption. Ultimately, they had to make the decision of paying around 4.4 million dollars in ransom to DarkSide via cryptocurrency.

How ransomware attacks have evolved

Before I discuss why the pandemic has resulted in the rise of ransomware attacks, let me define what is considered a ransomware attack. Generally, ransomware attacks involve software that can spread throughout a user’s computer system once activated. The ransomware can then infiltrate networked systems and encrypt the files of a user. At this point, the data becomes inaccessible without the encryption key. In order to obtain that key and regain the data, the user has to pay a ransom to the cyberattackers.

This model emerged in the 1980s and became popular and more complex in the 2010s. However, the recent attacks that have embroiled U.S. companies are way more complex. It is not only harder to crack the encryption key and retrieve data without paying ransom money, the stakes now are also higher for the victims. Ransomware has grown so much that it is not only about encrypting data and asking for a ransom to unlock that data. It is also about extortion. Attackers now threaten the victims to sell or leak sensitive data. They access this information via a method called “dwelling.” This involves spending weeks and weeks embedded in the computer system of an organization undetected. Observing the organization from the inside allows the attackers to determine the most critical data to exploit and encrypt. As a result, they also gain access to sensitive information.

The havoc ransomware attacks cause does not end there. An organization’s reputation can get severely affected due to news of cyber attacks and data breaches. It results in bad press, causes customers and employees to turn against the target organization, and reinforces to criminals that the particular organization is an easy target for such attacks. All these various factors force companies to pay the ransom to the attackers.

How you can protect yourself from ransomware attacks

While there isn’t a single solution that can help thwart ransomware threats, there are several preventative measures you can take to significantly reduce the risk of ransomware attacks.

1.Constant vigilance is crucial. This means following and maintaining a security policy. Implement the best and latest security measures.

2.Review the incident response strategy of your company to ensure your team can effectively deal with the situation in case of a ransomware attack.

3.Enable multi-factor authentically on every company account, including social accounts and service accounts. Have spam filters in place.

4.Use a secure messaging app as your communication channel in case a cyberattack impacts the email systems of the company.

5.Provide training to your employees on how to identify phishing links. Make sure they are aware of how threat actors operate so they can detect and avoid threats.

6.Use a datatrust platform to effectively manage and leverage your data assets. Keep in mind, a datatrust is not the same as a data warehouse or a data lake. It is not just a large storage location or repository to accumulate data. A datatrust platform provides companies the sovereignty to access and unlock innovation while ensuring that public assets remain private and are properly protected.

With good cybersecurity hygiene and preparation, and a well-thought-out plan, any organization can mitigate the risk of and deal with ransomware attacks effectively.