High Impact Ransomware Attacks are on the Rise in 2020
Security expert Samuel Bocetta explains how to prevent or recover from ransomware.
By Samuel Bocetta, 03/16/2020
There’s a new, emerging form of malware on the rise in 2020. Known as disruptionware, it is defined by the Institute of Critical Infrastructure and Technology (ICIT) as a “category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data belonging to the target.” In other words, it affects a business's ability to function remotely.
Although malware and ransomware attacks can be extremely damaging to your business, the new, emerging forms of disruptionware can actually be more crippling. This is because disruptionware is specifically designed to encrypt data and prevent user access, while also working as a multi-layered attack that disrupts any kind of infrastructure or manufacturing production. It can also be used to access digital assets. If a bad agent's goal is widespread business disruption, then disruptionware lives up to its name.
A New Form of Attack
Although disruptionware is an entirely new form of cyberattack, it has consumed many traditional forms of attack (wipers, ransomware, automated components, bricking capabilities, network reconnaissance tools, data exfiltration tools, etc.) and made them part of its overarching strategy.
This makes for an incredibly potent cybersecurity threat, especially in cases where businesses hold a lot of customer payment data and rely on this functionality to help others in need. Where they use merchant services, those services, for all the capabilities they provide for the business’s needs, can also often transmit sensitive information.
Alongside this, more traditional ransomware attacks--where a user's access to a computer system is blocked until a ransom is paid--are more present than ever, threatening businesses, educational institutions, hospitals, and healthcare providers and even the government. In fact, ransomware is so incredibly dangerous in its own right that the FBI released a clear warning to the public that key public and private sector institutions were in grave danger of attack.
In fact, it has been noted that there were at least 621 successful ransomware attacks in 2019, all of them against US companies. 491 of these attacks were against healthcare companies, 62 were on schools and 68 were targeted at government institutions.
There are instances where a company is mistakenly trying to save money by storing data on dubious cloud platforms that may not have the same level of security as most major cloud providers. In this case, an experienced hacker can easily take advantage of this situation and put the company or hospital in a position where it has to pay the ransom in order to even function.
This is especially dangerous because ransomware renders facilities incapable of providing healthcare to patients who need it most. And paying the ransom is no guarantee that your missing data will be returned. It has been reported that ransomware payments for 2019 were in excess of $11 billion -- an increase of nearly 30% compared to 2018. This is only likely to increase as American companies of all sizes continue to flourish.
Advanced Attacks Require an Advanced Response
Accompanying advancements in traditional ransomware and disruptionware, bad agents are also using more complex techniques when it comes to their cyberattacks. One of these is what is called a Remote Desktop Protocol attack, wherein an attacker takes remote control of your desktop, often as a means to launch a malware attack. They’re also taking advantage of common cybersecurity weaknesses, such as security mistakes made by remote workers, like connecting over unsecured networks.
This is problematic because very few businesses are actually taking the necessary (and even basic) steps to prevent this. Not all companies are ensuring that their login credentials are strong, secure, and well managed. Many even use the default passwords provided by the software companies - which are easily cracked and well known by hackers.
Even fewer companies are using VPNs to secure connections when employees work remotely. And companies aren’t taking the necessary steps to determine which software is secure from vulnerabilities that hackers can easily take advantage of.
The FBI’s public service announcement acts as a clear warning to all companies of the cybersecurity risks that exist and the lengths they should go to in order to counter them and maintain their security in the future. This is especially important now that disruptionware and ransomware are on the rise. Plans to increase security should assign clear responsibility to individuals and include company-wide education that ensures all employees are aware of the risks and countermeasures.
Also, companies must have a clear recovery plan in place that details how the company will return to full functionality if they are hit with a disruptionware or ransomware attack. They should conduct full reviews of their system for backups and assess how reliable and secure these backups are, so that in the event of an attack they can be utilized to get back to functionality as soon as possible.
With high-impact ransomware and disruptionware on the rise in 2020, it’s crucial that businesses understand the threat these innovative forms of cyber-attack pose and the necessary steps that must be taken in order to prevent them. If they don’t, they could face a full shutdown of business systems and a costly ransom to pay.