The Rise of Ransomware: Understanding the Surge in Cyber Extortion
Ransomware is on the rise, and it’s not slowing down. Cryptoloc founder and chairman Jamie Wilson explains the perfect storm of conditions that have combined to allow ransomware to run rampant – and how organisations can protect themselves.
For most of the world, the past 12 months have been defined by COVID-19. But for cybersecurity professionals, it’s the rise of ransomware that has set off alarm bells. Of course, these two scourges are not mutually exclusive.
Now, there’s nothing particularly new or novel about the concept of ransomware – the practice of locking a victim out of their own files and demanding a ransom for their decryption dates back to at least the mid-2000s. What is deeply concerning, however, is how frequent and impactful these cyberattacks have become.
Ransomware on the rise
Ransomware attacks dealt unprecedented damage to organisations in 2020. The FBI reported a 400 per cent increase in cyberattacks after the onset of COVID-19, while a report into the economic impact of cybercrime by McAfee and the Centre for Strategic and International Studies (CSIS) found that company losses due to cyberattacks had reached almost $1 trillion in the United States alone by late 2020.
Whereas a typical ransomware attack against an individual may once have netted the attacker a few hundred dollars, increasingly savvy cybercriminals now target organisations, extracting hundreds of thousands of dollars from each ‘successful’ attack and helping to drive small and medium-sized enterprises out of business.
One attack in 2020 against German IT company Software AG came with a staggering $20 million ransom demand. Another German attack took a terrible toll in September, when a woman in need of urgent medical care died after being re-routed to a hospital further away while Duesseldorf University Hospital dealt with a ransomware attack.
A report by defence think tank the Royal United Services Institute (RUSI) and cybersecurity company BAE Systems found that the number of groups launching ransomware attacks grew month on month throughout 2020, and that most of these groups are now utilising a tactic known as ‘double extortion’ – not only do they force organisations to pay a ransom to operate their systems and unlock their encrypted files, but they also threaten to leak the data, intellectual property and other sensitive information in those files if the ransom isn’t paid.
Cybercriminal group Maze is thought to have been the first to employ the double extortion tactic in late 2019, and it’s since been used in attacks against major companies like Travelex, CWT and Garmin.
Consider the impact an attack like this could have on, for instance, a travel agency – not only could they be locked out of their own booking system, but they could face further consequences if the client details they have on file, including passports and driver’s licenses, are leaked.
Further complicating matters is the uncertainty about how long a cybercriminal might have been in your system. It’s one thing to back up your files every seven days, for instance, but if an attacker has had access to your system for months, every backup taken in that window may already be tainted – and that makes recovery close to impossible.
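The backup-versus-dwell-time problem above, worked through as an added example (not part of the original article): given a rolling retention policy and an estimated date of first attacker access, find the newest snapshot that predates the intrusion, or report that none survives. The policy numbers and dates are constructed for illustration.

```python
from datetime import date, timedelta


def retained_backups(today, retention_days, interval_days):
    """Snapshot dates still on hand under a rolling policy that takes one
    backup every `interval_days` and discards anything older than
    `retention_days`. Constructed model, not any real product's behaviour."""
    kept = []
    age = 0
    while age <= retention_days:
        kept.append(today - timedelta(days=age))
        age += interval_days
    return kept


def newest_clean_backup(backups, suspected_intrusion):
    """Newest snapshot taken strictly before the attacker's estimated first
    access, or None. A snapshot taken on or after that date may already hold
    the attacker's tooling or silently altered files, so it is not a safe
    recovery point."""
    clean = [b for b in backups if b < suspected_intrusion]
    return max(clean) if clean else None


def recovery_assessment(today, retention_days, interval_days, dwell_days):
    """Combine the two: does the retention window still contain a clean
    recovery point for an attacker who has been inside for `dwell_days`?
    Returns the clean snapshot date (or None) and how much data is lost."""
    intrusion = today - timedelta(days=dwell_days)
    backups = retained_backups(today, retention_days, interval_days)
    point = newest_clean_backup(backups, intrusion)
    loss = (today - point).days if point else None
    return {"clean_backup": point, "data_loss_days": loss}


if __name__ == "__main__":
    today = date(2020, 12, 1)  # constructed reference date
    # Weekly backups kept for one week vs. a 90-day dwell time: nothing clean.
    print(recovery_assessment(today, 7, 7, 90))
    # Weekly backups kept for a year: a clean point exists, at 91 days of loss.
    print(recovery_assessment(today, 365, 7, 90))
```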
The perfect storm
There are any number of factors that have led to the surge in ransomware over the past 12 months, from the increasing ease of its use to the changes in the workplace caused by COVID-19 and the frequency of ransom payments.
The aforementioned report by RUSI and BAE Systems points to how easy it has become for cybercriminals to acquire and utilise ransomware, exemplified by the rise of ransomware-as-a-service. Even low-skilled cybercriminals can now pay a fee to nefarious operations like REvil for pre-packaged ransomware that they can use. Shady operators can even employ the services of ‘initial access brokers’, who sell access to pre-compromised corporate networks.
It’s long been known that ransomware attacks exploit human weaknesses as well as technical vulnerabilities, and the boom in remote working caused by COVID-19 has presented cybercriminals with plenty of both. The FBI attributed the sharp spike in cybercrime in 2020 to ill-secured virtual work environments and a reliance on email and makeshift IT infrastructures.
It’s a free-for-all that led to a dramatic increase in risk, as businesses caught flat-footed by the pandemic lost track of which devices were being used by their employees, and had no control over the security of their Wi-Fi connections. With employees operating across different networks in multiple locations, using the same devices for work and personal purposes without the benefit of their organisation’s security perimeter, the attack surface for cybercriminals grew exponentially.
Once an attacker compromises an employee at home, it’s just a matter of waiting for them to connect to the corporate network. From there, they may as well be plugged into a computer inside the office.
Often, organisations will feel they have no choice but to pay the ransom – and the more organisations that give in, the more that ransomware is normalised and incentivised. And while taking out a cyber insurance policy might seem like the responsible thing to do, it further encourages payment, turning ransomware into just another standard operating cost.
It should be noted, too, that the rise of ransomware is inextricably linked to the rise of cryptocurrencies like Bitcoin – a secure, essentially untraceable method of making and receiving payments favoured by cybercriminals for its anonymity.
I’ve seen organisations faced with the difficult choice of whether or not to pay the ransom firsthand. While there is momentum behind a push to make ransom payment illegal, it’s entirely understandable that victims would feel they have no choice but to pay up – especially when sensitive personal data or medical records are at stake, or, as in the case of Duesseldorf University Hospital, a life hangs in the balance.
Consider, too, initiatives like the General Data Protection Regulation (GDPR), which places the possessors of personally identifiable information at greater risk of substantial fines if that data is leaked, and it’s clear that ransomware is a legal and ethical minefield that can only be successfully navigated by steering well clear of it in the first place.
An end to ransomware
With ransomware posing an increasingly serious threat to all organisations, it’s essential to take precautions – but not everybody is getting the message.
McAfee and CSIS surveyed nearly 1,000 organisations late last year and found that only 44 per cent had cyber preparedness and incident response plans in place. Worse yet, just 32 per cent of respondents believed their plan was actually effective.
The obvious first step, especially in light of the remote working boom, is to ensure timely patching of all your organisation’s software and devices. While this won’t guarantee protection against attack, it will minimise your exposure.
Education is a key component of this. Organisations need to ensure that all of their employees are aware of the importance of timely patching, and regularly briefed on the latest techniques being utilised by cybercriminals. It’s every organisation’s responsibility to engage their employees with that training – it may seem time-consuming, but it’s vastly preferable to the alternative.
Above all else, though, is data. Organisations need to control who has access to their data, and know exactly what they do with it. My company, Cryptoloc, is dedicated to protecting that data – which is why we’ve developed the world’s safest cybersecurity platform.
Our patented technology – developed in collaboration with an elite team of cryptographers, mathematicians, data scientists and software developers – combines three different encryption algorithms into one unique multilayer process. It can be deployed across a wide range of applications, including file storage, document management and delivery, and counterfeit prevention and detection solutions. Our clients can send fully encrypted documents straight from Microsoft Outlook, and develop and build their own products on our secure digital platform.
Our ISO-certified technologies ensure that organisations and their employees, contractors, clients and customers can interact securely, with each piece of data assigned its own separate audit trail, and every user and action verified and accounted for.
Better yet, our ‘Zero Knowledge’ protocols mean we know nothing about the data our clients store with us. Our escrow encryption key recovery process ensures their data is theirs and theirs alone, and can only be accessed by the people they choose.
No other platform has ever been able to guarantee the same protection as Cryptoloc – and in today’s landscape, that’s the level of protection required to prevent attackers from exploiting vulnerabilities and installing ransomware.
Ransomware will only stop when ransomware is no longer profitable, and that will only happen when organisations stop falling victim to ransomware attacks. They have to have absolute certainty that they control their data – and in doing so, they can control their future.
This article first appeared in Cyber Defense Magazine.