“That’s a nice business you’ve got. It would be a shame if anything was to happen to it!” That, in a nutshell, is the classic gangster’s extortion pitch: fleecing victims for their hard-earned money by threatening that something terrible will befall their livelihood if they don’t stump up the cash.
In the modern world, such threats have changed form. While there are most likely still real-world protection rackets that operate like this, many attackers have embraced the digital world to operate a cyber version of this scam, leveraging the importance of a target’s data as a way of bilking money out of them.
This is what is known as a ransomware attack. A classic ransomware attack is a type of cyber attack in which attackers break into computer systems and encrypt key files, and the user must then cough up money to regain access to them. When the ransom is paid, the attackers provide a decryption key that restores access to the files. If the money is not forthcoming, the files remain permanently locked and inaccessible. Defending against attacks such as ransomware is a key reason why the use of security measures like risk analytics is so essential for organizations.
Evolving forms of ransomware
Traditional ransomware attacks are bad enough. But more recently there has been a new type of attack, referred to as a double jeopardy ransomware attack. In a double jeopardy attack, the overall trajectory of the ransomware attack remains the same: malware is used to infect a computer system, the encryption then takes place, and the extortion notice is sent to the victim. The “double jeopardy” part refers to the fact that the ransomware isn’t simply used to encrypt files, but also to steal that data and send it to off-site servers. Victims do not know where the data has been sent or, in many cases, which data has been stolen from them. The threat is therefore not simply that a victim loses access to their personal data, but also that this data could be uploaded to the Dark Web, sent to rival organizations, or otherwise abused in a way designed to cause damage. This gives targets an extra incentive to pay the ransom demanded of them.
Buoyed by this new spin on cyber attacks, overall ransomware attacks have surged. According to recent data, ransomware attacks rose by a massive 288 percent between Q1 and Q2 2021. Many of these attacks involved data theft. The problem of ransomware has become so bad that, in late August, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued an official warning about the threat of ransomware and when it is likely to strike. Large numbers of these attacks are timed for points in the year when security may be at its most lax, the same way that burglars may target a house when its occupants are on vacation, at work, or asleep.
For example, a Kaseya supply chain attack targeted at Managed Service Providers (MSPs) took place on the July 4 “Independence Day” weekend in the United States. Meanwhile, other recent cyber attacks, such as one on America’s largest meat processor, took place on public holidays like the Memorial Day weekend. In all cases, the goal of attackers is to cause as much chaos as possible at a time when defenses may be at their weakest.
Protecting against attack
Ransomware attacks are not the only form of cyber attack that exists, of course, even if they are becoming increasingly commonplace in 2021 due to their potential for monetizing a target’s misery in a way that is tougher to achieve through other forms of cyber attack.
What many contemporary cyber attacks have in common is that they attempt to exfiltrate sensitive data which can then be abused. To safeguard against this, organizations must make sure that they have tools in place to protect against data theft. Continuous visibility is essential to paint an accurate picture of who is accessing data at any given moment, as well as what it is that they are doing with it.
As cyber attacks continue to evolve, and there are new requirements from users concerning access to data, organizations must be ready to step up. Data risk analytics can help identify this information by applying advanced big data analytics to activity as a way to spot troubling, developing patterns that require investigation. Faster mitigation of risk and faster incident response are “must haves” in the modern cyber security landscape.
Thanks to measures such as these, as well as other protective solutions that can help lock down sensitive data and safeguard against attacks, both users and organizations can protect themselves against the worst that cyber attackers have to throw at them. It’s an investment that every organization should take incredibly seriously.