Cyber Security Training & Software for Companies | MetaCompliance

The Reality of a Ransomware Attack


Steve Barclay summed up the current status of ransomware threats in the U.K. at a recent Cyber U.K. conference in Wales:

“And the greatest cyber threat to the U.K. – one now deemed severe enough to pose a national security threat – is from ransomware attacks.”

Ransomware is one of the most insidious and harmful forms of malware. If your organisation is infected with ransomware, expect chaos. No matter what size your company is, ransomware causes damage. This damage is not just about the extortion of money; ransomware gangs also encrypt files and use them to extort payment, with no guarantee they won’t subsequently abuse that data.

Even if the ransom is paid, there is no guarantee of receiving the decryption key and regaining access to your files or systems. The best way to deal with this form of malware is to prevent infection in the first place. Here is a look at the reality of a ransomware attack with tips on preventing infection by this most dangerous malware.

The Ransomware Landscape In 2022

The 2022 Data Breach Investigations Report states this on the topic of ransomware:

“This year ransomware has continued its upward trend with an almost 13% increase–a rise as big as the last five years combined.”

Ransomware attacks often have a wide-reaching impact. The U.S. oil pipeline system, Colonial Pipeline, is an example of how ransomware can affect a company and its customer base. During this ransomware attack, the whole U.S. Southwest was involved; a single compromised password was behind the infection.

But ransomware is not just a problem for critical infrastructure. According to a 2022 report from CyberEdge Group, 71% of companies were infected by ransomware in 2021. This year seems set to break even those records. BlackFog's “The State of Ransomware in 2022” report found that ransomware attacks are keeping pace with or exceeding the 2021 figures.

Cybercriminals are emboldened by their success. So much so that their tactics have become more focused and brazen. A variety of attacks across all sectors demonstrate the wily nature of the attackers:

Macmillan: The publishing house was forced to shut down systems when they experienced a ransomware attack in June 2022. The company was unable to handle book orders or gain access to emails.

Costa Rica Government: Conti ransomware was behind the second attack on the Costa Rican government. The attack caused chaos and impacted the healthcare system, with 30,000 medical appointments being rescheduled because of the infection.

UK Schools: No organisation is immune to ransomware; many UK schools were targets of these malicious attacks in 2021. This trend continues into 2022, a recent example being a ransomware attack on Durham Johnston School in County Durham.

Ransomware Attacks In The Wild (Ransomware Strains Today)

The landscape of ransomware strains ebbs and flows as new or upgraded versions of ransomware become available – with ransomware gangs brazenly gloating over their success. Sophisticated gangs will often use social media for advertising their stolen data.

For example, the Conti Gang recently attacked Ireland’s Health Service Executive (HSE) and used a public-facing site to negotiate with victims and collect ransoms. Conti was a derivative of the earlier RYUK gang behind the Colonial Pipeline attack. The Conti site recently closed, but this may not be the end, only a change of management.

Blockchain analytics company Chainalysis noted that there were more ransomware strains in 2021 than in any other year since records began in 2011.

Some of the current ‘in-the-wild’ strains of ransomware include:

Magniber ransomware is an older strain that was recently upgraded to target Windows 11 machines. The ransomware is distributed using fake Windows update alerts.

REvil is another older strain that has been upgraded and repackaged. REvil was the ransomware behind the massive supply chain attack on Kaseya. REvil went offline in 2021 as part of an international investigation by law enforcement authorities. However, in May 2022, new REvil code was identified by security researchers, causing concern over possible future REvil gang attacks.

Onyx, Mindware, and Black Basta are three new or rebranded Ransomware-as-a-Service gangs that researchers identified in 2022. These RaaS groups may use existing ransomware strains but have highly effective mechanisms to deliver them, typically via spam emails. Onyx is a particularly nasty ransomware that can overwrite larger files, leaving them unrecoverable.

As 2022 continues, new or upgraded strains will likely enter the space. However, Kaspersky has identified similar patterns in how ransomware is delivered and propagated across a network. This type of intelligence helps companies determine the measures that can be used to prevent ransomware infection.

Tips To Prevent a Ransomware Attack

Nothing is as good a cure for ransomware as prevention. Exploiting human factors is a well-known way to initiate a cyber attack, and this is also true of ransomware infections. Phishing and users running a malicious executable (e.g., an infected attachment) are two of the most common ways cybercriminals begin an attack.

Therefore, focusing security measures on human beings is an essential layer of protection against ransomware. Some tips to stop ransomware attacks include:

  1. Use phishing simulations: phishing is still one of the most typical methods to begin a ransomware infection. Ensure that employees are regularly subjected to phishing simulation exercises to get them used to the patterns and trends of phishing emails.
  2. Use a secure VPN: ensure remote and home-based employees use a secure VPN to access any internet site.
  3. Patch: keep all systems and devices patched and up to date with security updates to protect your endpoints.
  4. Create a security culture: use Security Awareness Training across your entire organisation, including contractors and other business associates. Build a security-first mindset by developing a culture of security. This will minimise poor security practices that can lead to vulnerabilities in your organisation.
  5. Apply technical security measures: build up your security arsenal using best-of-breed security measures to harden your network. This should include content scanning, filtering, and a web application firewall (WAF).