Contents:
What Is Ransomware?
Ransomware is a variant of malware (malicious software) that specifically targets files and systems by encrypting them with a protocol that cannot be broken without the correct decryption key. Ransomware operators will encrypt files and offer their victim such a key in return for payment, typically in cryptocurrencies such as Bitcoin (BTC) to make tracking illicit funds more difficult.
Ransomware has proliferated in recent years due to the advent of Ransomware-as-a-Service (RaaS) making it easier and faster for relatively unskilled operators to profit. RaaS is a cybercrime business model between ransomware operators and ransomware buyers who pay a fee to RaaS operators to use their ransomware, which can enable them with little technical knowledge to deploy ransomware attacks. Ransomware attacks are generally the result of the following:
• Phishing emails (clicking links, opening attachments or other social engineering)
• System and network vulnerabilities
• Remote Desktop Protocol (RDP) attacks
• Poor password and/or identity access management (IAM hygiene)
• General lack of cyber security strategy and /or investment
Ransomware 2023 Global Figures:
Here are some of the most significant global ransomware figures:
• Ransomware attacks went up more than 95% over 2022 (DarkReading).
• Q4 2023 showed a significant increase in victims over 2022 (Cyberint):
Year over year victims per quarter
• The number of ransomware victims in 2023 has already surpassed what was observed for previous 2 years (DarkReading).
• 36% of the organisations suffered ransomware attacks because of exploited vulnerabilities in 2023. Credential compromise was the second-most common cause of successful ransomware attacks, while malicious e-mail ranked third (Statista):
Causes of ransomware attacks (Statista)
• The average ransom payment in 2023 was USD 215,000 (Sophos, The State of Ransomware 2023).
• The average cost of recovery from a ransomware attack in 2023 was USD 1.4 million (Sophos, The State of Ransomware 2023).
But statistics tell only part of the story. Here are some real-life examples from 2023 incidents:
1. Royal Mail Attack (January): The British postal service, Royal Mail, was hit by the LockBit ransomware group, facing an $80 million ransom demand. Disruptions to mail delivery and potential data breaches were major concerns.
2. Dish Ransomware Attack (February): Customers across the United States experienced outages and disruptions to Dish Network's platforms, including websites, communications, and apps. While the company initially described it as an "internal system issue," a ransomware attack was later confirmed.
3. Australian law firm HWL Ebsworth ransomware attack (April): At the hands of the ALPHV (also known as BlackCat) threat group, stealing 2.5 million documents and releasing 1 million. This led to the largest supply chain attack seen in Australia.
4. NCR Ransomware Attack (April): Financial services firm, NCR, was hit by a ransomware attack that disrupted payment processing systems. The parent company’s Aloha point-of-sale (POS) system and Back Office app were affected by the cyber-attack. While the company claimed that only one of its data centres was hit, that facility did not store customer financial information.
5. MoveIt Ransomware Attack (May): Exploiting a vulnerability in Progress Software's MOVEit Transfer, this attack impacted hundreds of high-profile organisations, including BBC, Zellis, British Airways, and Ernst & Young. Data breaches and operational disruptions were reported.
6. Norton Healthcare Data Breach (May): A ransomware attack on Norton Healthcare exposed the data of 2.5 million patients, including current and former patients, employees, and their dependents. This sensitive healthcare information was at risk of being leaked or misused.
7. Sony Ransomware Attack (September): Sony began investigating claims of a ransomware attack by an extortion group called RansomedVC. Almost 3.14 GB of uncompressed data, allegedly belonging to Sony, had been dumped on hacker forums and the group claimed to have successfully stolen the data and would be selling it as the company refused to pay the ransom.
8. And many others…
Ransomware in Australia
As per the Australian Signals Directorate (ASD) annual Cyber Threat Report 2022–23, Ransomware remains the most destructive cybercrime threat to Australian entities. The ASD recorded 118 ransomware incidents – around 10% of all cyber security incidents. Over 90% of extortion-related incidents that have been responded to by the ASD involved ransomware.
The professional, scientific, and technical services sector reported ransomware-related cyber security incidents most frequently to ReportCyber in 2022–23, followed by the retail trade sector, then the manufacturing sector. These 3 sectors accounted for over 40% of reported ransomware-related cyber security incidents:
Ransomware-related incidents top sectors
How to prepare for Ransomware?
Organisations should consider how a ransomware incident could impact their business and their customers. To help prevent a ransomware attack, it is important to:
• Deploy email protection using best practices including DMARC, URL Filtering, and SPAM protection.
• Enforce phishing-resistant multi-factor authentication (MFA)
• Implement access controls using a least privilege model and segregate networks
• Regularly update all systems and software
• Disable Microsoft Office macros and restrict unauthorised applications
• Perform and test backups frequently
• Utilise modern endpoint protection platforms or endpoint detection and response (EDR) services
• Perform regular security assurance testing
• Conduct regular security awareness and phishing simulation testing
It is also equally important to practice incident response plans to minimise the impact on brand, reputation, and operations in the event of a successful ransomware incident. It's crucial for any organisation to have answers to key questions across various stages of the attack. Here's a breakdown of questions across four key areas:
1. Detection & Identification:
• What indicators and early warning signs could point to a ransomware attack?
• What tools and systems are in place to monitor for these indicators?
• Who is responsible for sounding the alarm when an attack is suspected? Is there a clear chain of command for escalation?
2. Containment & Response:
• What is our incident response plan and is it up to date?
• Who are the members of our incident response team, and what are their roles and responsibilities?
• What systems and data are most critical to operations? How it will be prioritised for protection and recovery?
• Does the organisation have backups of our data that are stored securely and offline? Can it be restored quickly and efficiently?
• What communication channels will be used to keep stakeholders informed during the incident? Who will be the spokesperson, and what information will be shared?
3. Decision-Making & Recovery:
• Under what circumstances would the organisation consider paying the ransom?
• What is contingency plan if the organisation chooses not to pay the ransom? How will operations be restored without decryption keys?
• What post-incident activities are necessary to prevent future attacks?
4. Legal & Regulatory:
• What are the legal and regulatory implications of a ransomware attack? Are there any reporting requirements or notification obligations?
• What insurance coverage does the organisation have for cyberattacks?
• Does the organisation have established relationships with cybersecurity professionals or legal counsel who can advise us during the incident?
It's important to remember that every ransomware incident is unique, and there's no one-size-fits-all solution. However, by proactively preparing answers to these critical questions, organisations can significantly improve their chances of responding effectively and minimising the damage from an attack.
How Spartans Security Can Help?
Spartans Security can play a valuable role in building a ransomware protection strategy by offering a multi-layered approach to security that addresses various aspects of the threat landscape. Spartans Security's expert team can help organisations to create a formidable shield against ransomware and other cyber threats by adopting proper cybersecurity standards and best practices.
Conclusion
The battle against ransomware is far from over. By embracing proactive strategies and prioritising cybersecurity at all levels, organisations can collectively turn the tide against this digital menace. Let 2024 be the year you rewrite the narrative for a safer and more resilient future.
If you have any questions, get in touch at info@spartanssec.com
Comments