Ransomware has been the threat of the year, shutting down sections of the economy and raising national security concerns.
The number of ransomware attacks surged 93% in the first half of 2021, according to Check Point. High-profile victims included the nation’s largest pipeline and the world’s largest meat supplier, among others. And the forecast is even grimmer for 2022, driven by innovations in attack techniques and an increased threat surface with IT/OT convergence in industrial environments.
Such is the concern about the impact of cyber breaches on U.S. national security that the White House has taken a series of measures in 2021 to ramp up critical infrastructure protection. The final package of the bipartisan Infrastructure Investment and Jobs Act directs about $1 billion to modernize and protect local, state and federal IT networks.
The U.S. government has also created an official website — StopRansomware.gov — to provide resources about this threat. According to the latest cyberattack statistics, ransomware costs to U.S. institutions reached $19.5 billion in 2020.
Ransomware is a type of malware that holds a company’s data or systems hostage. After the attackers breach the network, they encrypt files and keep the company locked out of its systems, or hold its data hostage, until it pays a ransom.
The initial access might occur through:
The initial breach rarely causes damage. Once the infection occurs, the bad actors tend to stay quiet while doing network reconnaissance and lateral movement. This means that the intruders move laterally to other assets, spreading the infection, stealing credentials and gaining more control over the network. Next in the cyberattack lifecycle, they look for sensitive data and even backups of that data before making a ransom demand.
One of the extortion tactics is to steal sensitive data (financial records, confidential plans, credentials) and threaten to leak it. Another popular tactic is to encrypt the data, corrupt files and delete backups, forcing the company to pay a ransom to regain access.
These cybersecurity attacks can:
An IDC survey released in August indicated that more than one-third of organizations worldwide have experienced a ransomware attack in the previous 12 months. The manufacturing and finance industries accounted for the highest ransomware incident rates.
Ransomware is not a new threat. The CryptoLocker ransomware, for example, emerged in 2013. Threats such as WannaCry, deployed in 2017, started to target the supply chain industry. Over the years, these types of cyberattacks have accelerated and grown more sophisticated.
“Ransomware-related transactions in 2021 will be higher than the previous 10 years combined.”
House Committee on Oversight and Reform
Here are some factors that contribute to the proliferation of recent cyberattacks:
Advances in encryption technology, which is meant to protect data from unauthorized access, have been crucial to the boom of ransomware threats. Encryption algorithms were developed to be unbreakable, which is why security vendors can’t get around them. Without the decryption key, the files will remain encrypted even after the malware has been removed.
With the Internet of Things (IoT), the number of devices connected to networks keeps growing. In industrial environments, the convergence between information technology (IT) and operational technology (OT) has also increased the risks, dissolving the air gap that has protected OT from cyber threats in the past. These new trends contribute to an increased attack surface — or the number of all possible points where a breach could happen.
Securing IoT and OT devices brings unique challenges because they are:
Poor cyber hygiene and employee awareness of cyber threats make organizations an easy target for cybercriminals. Many organizations do not follow security best practices, including:
As seen in high-profile cases, such as CNA Financial, Colonial Pipeline and JBS Foods, bitcoin was the cybercriminals’ favored currency to collect ransom payments. Bitcoin and other cryptocurrencies have helped fuel this type of crime because they make it easier for criminals to maintain anonymity. These currencies are decentralized, poorly regulated and hard to trace.
With millions of dollars in payouts, ransomware has become a very lucrative business for criminals. So how much money does ransomware make? As per the U.S. Department of Justice (DOJ), organizations paid roughly $350 million in ransoms in 2020, which is 300% more than in the previous year.
Ransomware groups often operate as organized crime. After monitoring the leak sites of 13 different ransomware gangs, Armis noted that some of these criminal organizations even specialize in targeting certain countries or sectors, such as cyberattacks in the healthcare industry.
Paying ransoms to regain access to the system is a controversial decision, often taken at the board level of organizations. According to the IDC report, only 13% of companies reported experiencing a ransomware intrusion and not paying a ransom. The average payout was almost $250,000, as per the study.
The FBI and Department of Homeland Security recommend avoiding paying ransoms and reporting the case to the U.S. government. There’s no guarantee that the intruders will hold up their end of the bargain. In addition, lucrative payouts only encourage more criminals to pull off more ransomware crimes.
Some high-profile examples of companies that made large payouts in 2021 include:
Gartner’s latest Emerging Risks Monitor Report reveals that “new ransomware models” topped the executive concerns in the third quarter of 2021. These models include the demand for bitcoin payouts and the rise of ransomware-as-a-service (RaaS).
Like its SaaS counterpart, RaaS is a subscription-based model. In this case, criminals don’t need sophisticated technical expertise to execute attacks. They can lease already-developed ransomware tools and capabilities and pay a percentage of the ransom money collected.
These schemes contribute to the spike in ransomware activity.
More than 90% of ransomware attacks are preventable, as per Gartner’s research. Organizations can better protect themselves from cybercrimes by taking the following measures:
The first step to protecting your organization from ransomware is eliminating your blind spots. Organizations need complete asset visibility to know what devices they have in their networks and what vulnerabilities they pose. With Armis Agentless Device Security Platform, organizations can discover all devices in their environment, both managed and unmanaged.
Knowing how a device in your environment is supposed to behave can help to prevent attacks. If a device is behaving abnormally, you can stop the spread of the infection. With the Armis platform, organizations can continuously monitor their assets and network. The Armis platform also performs a risk assessment to identify all threats and help to develop a mitigation plan with policy enforcement.
To increase their cybersecurity posture, organizations should follow frameworks such as the Center for Internet Security’s CIS Controls. CIS Control 10, for example, focuses on malware defenses. Other best practices include multifactor authentication, network segmentation and zero trust policies. Educating employees about cybersecurity risks and ensuring your data is backed up and known vulnerabilities are patched can also help to prevent breaches.
Organizations should prepare to act in case of an incident. It’s crucial to have a strategy to help mitigate, respond to, and recover from cyberattacks. Ransomware is a federal crime, and organizations are encouraged to report incidents to law enforcement, such as the FBI or the Secret Service.
Armis can help you get a complete inventory of hardware, software and users in your network. But we don’t stop there. Our platform analyzes all traffic and asset behavior, identifies security gaps and threats and orchestrates automated actions to stop attacks—all without the need for disruptive security agents. Book a demo to learn more.