Two critical questions pervade the most recent cybersecurity discourse, namely:
- Are we seeing a surge in ransomware?
- If so, what does that surge in ransomware mean for enterprises and cybersecurity?
Of course, these aren’t idle questions. The answers can and should determine how you approach your next-generation endpoint security solution and your cybersecurity overall.
What can you do to prevent ransomware? How should you handle a ransomware attack? We answer all of these questions below!
Wait, What is Ransomware?
Before we can explore this supposed surge in ransomware, we need to outline what qualifies as ransomware.
By design, ransomware infiltrates enterprise networks and holds either selected crucial databases or entire IT environments hostage. Afterward, the hackers only release these files or networks if their victims pay them, usually in the form of cryptocurrency. After all, cryptocurrency offers a degree of anonymity in its present form.
To add pressure to their demands, hackers may employ a ticking clock. For example, a victim enterprise may only have 24 hours to pay the hacker before they delete the files permanently.
Under almost all circumstances, once the victim pays the ransomware hackers actually return the files or network. In fact, some cases reveal hackers willing to negotiate on their initial ransomware demands. Don’t consider this an “honor among thieves” scenario; for many hackers, this is their livelihood. Even a smaller payout than expected trumps no payment at all, so they prove likely to negotiate deals which guarantees an income.
Often, but not always, ransomware disguises itself as a more legitimate message. Famously, some ransomware attacks mimic a message from the FBI or IRS; the victim is accused of some crime or tax issue and told to pay a fine or suffer legal consequences.
Obviously, the appearance of authority can scare victims into paying before thinking through the nature of the request. For the record, no law enforcement agency or governmental department ever engage in these tactics.
So Are We Seeing a Surge in Ransomware?
While we haven’t yet seen a surge in ransomware among enterprises, recent attacks on the public sector don’t bode well:
- At least three cities in Florida suffered ransomware attacks over the course of this year. All of them paid hundreds of thousands of dollars in bitcoin to end the attack. For example, Riviera Beach, Florida, paid the equivalent of $897, 650 after suffering three weeks with no computer access.
- In May, the city of Baltimore paid over $18 million to a ransomware attack.
- Last year, the city of Atlanta suffered a similar fate—they paid around $17 million.
In a January interview with Sash Sunkara, Co-Founder and CEO of RackWare, she predicted ransomware attacks will become more likely in 2019. In fact, she also predicted enterprises of all sizes faced the potential for a surge in ransomware attacks; those attacks, in turn, will become more sophisticated as the payments prove consistent.
So Am I in Danger?
The recent headlines emphasized the danger to the public sector. However, just because you have a private business doesn’t guarantee your safety. The attack on the public sector may yet p[rove a warm-up for much bigger targets…including your enterprise.
Why Are We Seeing a Surge in Ransomware?
Most likely? Ransomware works. Not always, but it works enough of the time to make it a safe bet for the digital threat actor looking for a lucrative venture.
Yet if we broke down the situation further, we can find a few more in-depth explanations:
Ransomware Rewards Bad Behavior
In the Middle Ages, cities and kingdoms would pay Viking raiders a “danegeld” to stop attacking their lands and peoples. In other words, they paid a ransom for their continued safety. This had the short term effect of stopping the immediate raids.
However, dangelds also had the long term effect of showing other Vikings they could raid and expect a bribe to stop. So the raids continued, often on the same countries which had paid off other pillagers.
In other words, even in medieval times, rewarding bad actions begets more bad actions.
The surge in ransomware may be linked to this quirk of human psychology; certainly, it stems from the same tactical lineage. Yes, in the short term, the worth of preventing downtime on ransomed endpoints could exceed the worth of the ransom. Yet paying could make you, and other businesses, a target for future attacks.
Certainly, cryptocurrency mining malware saw a boom last year, but it has its own issues. Those attacks require longer dwell times for less payoff. Moreover, the profits of cryptocurrency mining malware depend on the value of the currencies, which remain in flux most of the time.
Fileless malware can achieve success, but it’s a new technology and often far less direct in terms of payment.
Ransomware doesn’t suffer these issues. In fact, hackers can set the ransom at whatever price they desire and can often expect to see it paid directly.
Ransomware is Anonymous
Granted, ransomware shares this trait with its malware cousins. Yet it remains true; most cybersecurity experts can’t identify the actors behind any individual strain of ransomware. Therefore, hackers usually escape prosecution even if their attack fails.
Paying Seems So Easy
We alluded to this above, but paying the ransomware can seem like the path of least resistance. Just pay them a sum, often comparatively paltry, and get your business back in order. Simple, right?
Obviously not; the answers in cybersecurity rarely are. In addition to the consequences listed above, just paying the ransomware often leaves the initial security hole open. Nothing stops the hacker from coming back and pulling the same stunt again.
How Can You Prevent or Mitigate A Ransomware Attack?
The surge in ransomware attacks should be matched by a surge in cybersecurity best practices to combat it. The less likely hackers can expect to receive payment for their attacks, the less likely they choose to attack at all.
Here’s what your enterprise can do:
- Deploy a next-generation endpoint security solution with multiple threat intelligence feeds and EDR. Legacy solutions won’t have the capabilities necessary to combat modern evolved ransomware.
- Engage your employees in regular cybersecurity training. Most hackers bundle their payloads in phishing attacks. Helping your employees to recognize phishing attacks early can greatly reduce the chances of your enterprise suffering a cyber attack.
- Employ and practice a consistent and comprehensive incident response plan. Part of the reason enterprises choose to pay the ransomware stems from being caught unprepared and panicked. Don’t let that happen.
- Always back up your critical databases and files.
- Do not pay the ransomware.
If you want to learn more about what next-generation endpoint security can offer you in terms of ransomware protection, check out our Buyer’s Guide!
Latest posts by Ben Canner (see all)
- The Five Best Consumer Antivirus Products and Tools - July 2, 2020
- Critical Capabilities in Modern Remote Endpoint Security - June 30, 2020
- Where Does Endpoint Security Overlap With Identity Management? - June 26, 2020