Cybersecurity has always been an arms race, with each side fighting for the upper hand in a never-ending escalation of exploits and defenses. But somehow, ransomware feels different. The hospitals, schools, and cities victimized by attackers who have no conscience can confirm your fear of ransomware isn’t baseless paranoia.
So what makes ransomware such a formidable threat? And, armed with a better understanding of ransomware, can we use this knowledge to improve our defenses? Here are the four factors propelling ransomware into our collective nightmares – and a few thoughts on what to do.
Users are gullible, and that’s not something we can fix
It’s a fool’s errand to think we can protect users from themselves. Despite our best efforts, and after making significant investments in technology and training, it’s clear we can’t wring human gullibility entirely out of the system. Phishing and deceptive malware worked yesterday, they work today, and there’s no reason to think they won’t work tomorrow. Unfortunately, account takeovers are how many ransomware attacks get their start.
Strategies to combat social engineering fall into two categories. The first approach makes it harder for attackers to compromise accounts by hardening the authentication process. Two-factor solutions do this very effectively, but gaining user acceptance can be an uphill battle. If you’re contemplating this route, consider starting with critical accounts for maximum impact, like those used by privileged IT users and executives.
The second approach minimizes damage an account can cause by minimizing what that account can access. This “least-privileges” strategy, unlike two-factor authentication, won’t prevent account takeovers. Instead, it focuses on limiting attack damage and constraining an attacker’s ability to move laterally. In conjunction with strengthened authentication, least-privileges is a robust response to user gullibility.
Ransomware is invisible to traditional perimeter defenses
For well over four decades, security professionals prepared for cyber threats as they might for a bank robbery. Like money locked up in a vault, data that stayed on-premises was safe. Unwanted encryption is like stealing money without taking it out of the bank. Ransomware attackers don’t need to move a single byte outside the perimeter to execute an attack.
Because the perimeter no longer delineates “protected” from “lost,” ransomware attacks aren’t readily observable, and stopping them in progress is challenging. Currently, the most effective response isn’t to try to stop an attack but to recover from it without losing data or business uptime. Backup is the most promising answer, but we’re not talking about your father’s backup: fighting ransomware means you’ll need a well-planned and orchestrated recovery plan that’ll keep you running.
Monetizing cybercrime has never been easier
Modern technology takes the friction out of financial anonymity. Establishing a cryptocurrency account is easy, and redeeming and using crypto is straightforward. There’s no question cryptocurrencies enable the current ransomware crisis.
The idea that ransomware attackers embrace Bitcoin should come as no surprise. Unfortunately, there’s not much we can do to make these attacks harder to monetize. Unless, of course, you can build a time machine, go back to 2011 (when Bitcoin was at parity with the US dollar), and buy yourself some cryptocurrency. That wouldn’t solve ransomware, but it would make your life a little easier.
Ransomware targets everyone, not just the big guys
Traditionally, cybercriminals hunted big fish for big payoffs. That’s no longer true: today most ransomware attacks target small to mid-sized businesses because they’re usually less prepared. Expensive email filtering software, comprehensive employee training, or complex two-factor authentication platforms are often out of reach. And once compromised, smaller companies often struggle to recover, making a ransom payment seem like the best response to a bad situation.
Consider, for example, Vastaamo, a Finnish mental health provider network with a small IT budget and thousands of sensitive clinical records. “Ransom_man,” as the attacker called himself, demanded payment from Vastaamo while also extorting individual patients with depraved threats to release private therapy records.
Of course, resource constraints were only a part of the problem that led to Vastaamo’s compromise. But as a warning, it shows the depths to which cybercriminals will go in their quest for ransom. Avoiding cybersecurity investments is a big gamble – especially if you’re a smaller organization managing sensitive data.
Ransomware raises the stakes, and developing strategies to cope is one of the biggest challenges today’s IT security professionals face. Avoiding the worst consequences of a ransomware attack requires vigilance, strict account access management, pervasive social engineering savvy, and recovery readiness. Fortunately, emerging AI-based tools are poised to expand the weapons available in the fight.
Content awareness is one of those new weapons. Having a clear picture of your organization’s data, including its business purpose, location, and availability, can build ransomware resilience. Least-privileges access control, for example, can be hard to implement and maintain because it requires an understanding of who should (and shouldn’t) have access to thousands or millions of dispersed files and data. Automated content discovery, for the first time, makes those decisions practical at scale. With content awareness, security professionals can also more readily assess attack damage, plan recovery efforts, and negotiate ransom if the worst happens. In the ongoing battle against ransomware, it’s encouraging to see some good news for a change.
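The least-privilege audit that content awareness makes practical (the point of the paragraph above and of the “least-privileges” discussion under user gullibility) can be illustrated with a small script. The following is an added example, not code from the article or from any product it alludes to: the file inventory, sensitivity labels, groups, users and role-to-need mapping are all constructed. It resolves group ACLs to effective per-user access, flags grants that exceed a role’s business need, and computes the blast radius of a single compromised account, which is the damage-assessment view the paragraph describes.

```python
"""Least-privilege audit over a constructed content inventory.

Added example (not from the original article). Every path, group,
user and role below is hypothetical and constructed for illustration.
"""
from collections import defaultdict

# Constructed content inventory: path -> (sensitivity label, groups with read access)
INVENTORY = {
    "/share/finance/payroll_2023.xlsx": ("confidential", {"finance", "all-staff"}),
    "/share/finance/budget.xlsx":       ("internal",     {"finance"}),
    "/share/clinical/patient_notes.db": ("restricted",   {"clinicians", "it-admins"}),
    "/share/hr/contracts/":             ("confidential", {"hr"}),
    "/share/public/handbook.pdf":       ("public",       {"all-staff"}),
}

# Constructed group memberships (user -> groups)
MEMBERSHIPS = {
    "alice": {"finance", "all-staff"},
    "bob":   {"clinicians", "all-staff"},
    "carol": {"it-admins", "all-staff"},
    "dave":  {"all-staff"},
}

# Business purpose: each user's role, and which sensitivity classes that role needs
ROLES = {"alice": "finance", "bob": "clinician", "carol": "it-admin", "dave": "intern"}
NEEDS = {
    "finance":   {"public", "internal", "confidential"},
    "clinician": {"public", "restricted"},
    "it-admin":  {"public", "internal"},   # admins run systems; they do not need patient data
    "intern":    {"public"},
}


def effective_access(inventory=INVENTORY, memberships=MEMBERSHIPS):
    """Resolve group-based ACLs to the set of paths each user can actually read."""
    access = defaultdict(set)
    for path, (_, groups) in inventory.items():
        for user, user_groups in memberships.items():
            if user_groups & groups:          # any shared group grants read access
                access[user].add(path)
    return dict(access)


def excess_grants(inventory=INVENTORY, memberships=MEMBERSHIPS, roles=ROLES, needs=NEEDS):
    """Return (user, path, sensitivity) tuples for access a user's role does not need."""
    findings = []
    for user, paths in effective_access(inventory, memberships).items():
        allowed = needs[roles[user]]
        for path in paths:
            sensitivity = inventory[path][0]
            if sensitivity not in allowed:
                findings.append((user, path, sensitivity))
    return sorted(findings)


def blast_radius(user, inventory=INVENTORY, memberships=MEMBERSHIPS):
    """Paths reachable if this one account is taken over, grouped by sensitivity label."""
    reach = defaultdict(list)
    for path in sorted(effective_access(inventory, memberships).get(user, ())):
        reach[inventory[path][0]].append(path)
    return dict(reach)


if __name__ == "__main__":
    for user, path, sensitivity in excess_grants():
        print(f"EXCESS  {user:6} {sensitivity:12} {path}")
    print("blast radius of dave:", blast_radius("dave"))
```

Run against the constructed data, the audit reports that the broad “all-staff” grant on the payroll file gives three users confidential data their roles don’t require, and that the IT admin group can read restricted clinical records. Replacing the constructed dictionaries with the output of a real content discovery tool and directory export is the only change needed to apply the same checks to an actual file share.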
[To share your insights with us, please write to sghosh@martechseries.com]