While the world is emerging from the COVID crisis, another kind of pandemic is on the rise. Ransomware continues to hit companies and organizations of all shapes and sizes, with attacks growing ever more brazen and costly.
While there have been a number of high-profile attacks in recent months, the majority of ransomware attacks still target small and medium businesses. Many smaller companies can’t afford dedicated IT security staff, so everyone needs to be aware of new tactics used by hackers.
Backups Are No Longer Enough
As organizations struggle to beef up their digital defenses, hackers are also searching for new ways to extort as much money as possible. The first generation of ransomware tried to extort victims by encrypting their file systems and then demanding money in exchange for the key.
There’s an easy workaround to this, however. Having a backup means you can just restore your systems, deleting the malware in the process.
In response, hackers started putting extra effort into encrypting backups as well. By secretly monitoring a network for days, they could find out where backups were located and encrypt them, even on cloud hosting services.
Many companies have now adopted practices like keeping multiple air-gapped backups across different media. This makes it much more difficult for hackers to completely lock the files of their victims.
As a result, hackers are searching for sensitive data to steal and use for blackmail.
Leveraging Data Leaks for Extortion
Data leaks can come with devastating costs for victims. Failing to protect sensitive customer data undermines trust, and sometimes leads to fines and lawsuits. In the US, for example, the average data breach costs over $8 million. It’s easy to see why many organizations make the unenviable decision to pay off cyber criminals.
Health care providers, law firms, and schools are especially vulnerable to this kind of attack. This may be driving a spike in attacks on educational institutions.
Data extortion has turned out to be so lucrative that some gangs are even trying to automate it. The Avaddon ransomware gang is one such case. Research suggests that they are attempting to monetize data leaks on a massive scale.
When they successfully infect an organization’s network, they download as much sensitive data as they possibly can. This data is then uploaded to their dark website, where a countdown begins. The victim has a few days to pay the ransom, or else all of the data will automatically be published.
At any given time, the details of multiple organizations are visible on their website.
Increasing Role of Distributed Denial-of-Service (DDoS) Attacks
To cope with stronger cyber defenses, ransomware hackers are also turning to DDoS attacks. A DDoS attack shuts down a system by flooding it with traffic. There are several ways this can help hackers squeeze money out of their victims.
One is by threatening to disrupt their business. For example, imagine hackers manage to lock a company’s files. They also steal sensitive data. This is a smart company with good backup procedures, though. They restore their systems from backups and quickly get back online, minimizing downtime.
At this point, the hackers can threaten to publish the private data they stole. If this alone doesn’t convince the victim, they can also threaten to launch a DDoS attack and further disrupt business. In some cases, ransomware gangs will also threaten to attack a company’s clients or customers.
One other way DDoS attacks are used is to distract security personnel. Large companies have dedicated IT security staff, and smaller companies may subcontract security services.
This means that network traffic may be monitored for unusual activity. A DDoS attack may be a minor threat in itself, but it can distract IT security long enough for attackers to penetrate a network unnoticed.
Staying One Step Ahead of Attackers
There are a few ways to stay ahead of the new tactics used by hackers.
Encryption. Encrypting files can make things more difficult for hackers during an attack. Even if they are able to steal data, the data will be unreadable.
Get DDoS Protection. Specialized hardware and/or cloud-based services can automatically detect and prevent DDoS attacks.
Conduct Regular Phishing Awareness Training. At the absolute minimum, have all employees attend a phishing awareness workshop once per year. This should inform them about the latest tricks used by hackers.
With ransomware on the rise, the old saying “An ounce of prevention is worth a pound of cure” is as relevant as ever. It may seem annoying to put in the extra work, but cybersecurity threats are continuously evolving, so your defenses need to evolve too.