Cyber Extortion is the New Ransomware
The last time we blogged about ransomware we talked about how it works, the top three ways it occurs, and how it infiltrates a system from start to finish. In its most basic form, a ransomware attack is when hackers encrypt your files and extort you to pay their ransom in order to regain access to your data. Unfortunately, ransomware continues to be a major issue for companies of all sizes. And it is getting worse. Attacks have been on the rise in 2021.
Hackers are increasingly changing their attack strategy and evolving their tactics. The latest ransomware strategy takes privacy infringement even farther. Besides holding their victims’ files for ransom, they are also starting to inform their victims that they will release the data captured from their attack. In other words, hackers are now looking to exploit the data for more than just a one-time payment and are developing alternate revenue streams.
What does this mean? Backing up your data used to be enough to defuse a ransomware attack, because the victim could restore their files without paying the hacker’s ransom. That is no longer the case. Now, the hacker demands ransom in order to NOT release your data to the public, so even if you have good backups of your data, the hackers may still be able to extort you or your company.
RECENT RANSOMWARE EXTORTION INCIDENTS
Data extortion attempts now occur in 77 percent of all ransomware attacks, according to Coveware’s Q1 2021 Quarterly Ransomware Report. This is an increase of 10 percent from Q4 2020. Examples of recent extortion incidents include:
Accellion’s FTA was exploited by Clop ransomware in late December of 2020. Two zero-day flaws were exposed, allowing for remote code execution against unpatched systems. Other examples of recent ransomware incidents include:
Computer maker Acer suffered a cyber extortion attack and was told to pay $50 million in ransom—the largest known ransom to date. REvil is believed to be responsible for this attack. The breach was posted on their website and they leaked some of the stolen information.
Sierra Wireless also suffered a ransomware attack earlier this year. As a producer of IoT devices, the company was forced to halt its manufacturing as its internal systems took the brunt of the attack.
HOW TO PROTECT AGAINST RANSOMWARE
Malware comes in all shapes and sizes. It doesn’t technically become ransomware until the attacker demands a ransom. Cyber attacks have all sorts of motivations. Not all are based on extorting the victim. Here are the most helpful tips for protecting yourself and your company:
EDUCATION. We’ve talked about this before, but cybersecurity awareness training for yourself and your staff about phishing emails, good security practices in general and other compliance topics will help protect you from ransomware and other security issues. Lack of education leads to weak access points.
LIMIT ADMINISTRATIVE ACCESS. The principle of least privilege is an axiom for all security professionals. Most users do not need administrative or privileged access (even though they think they do). Hackers love to leverage accounts with admin privileges or find ways to elevate privileges. Limiting admin privileges limits the impact of ransomware, malware and other security breaches.
HARDEN YOUR INFRASTRUCTURE. Make sure you have good backups. Backups are still key to protecting your data from ransomware, malware and other types of data loss. Disable inbound RDP (Remote Desktop Protocol) to prevent access from the outside-in. Ransomware is fundamentally a human problem, brought about by how poorly certain technologies are implemented and used.
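The two checks above that can be run directly on a Windows machine, inbound RDP exposure and membership of the local Administrators group, are sketched below as an added example (not part of the original article). It assumes an elevated PowerShell session, an English-language install for the "Remote Desktop" firewall group name, and the default RDP port 3389; the `-Apply` switch is a name chosen for this example.

```powershell
# Added example: audit RDP exposure and local admin rights on one Windows host.
# Without -Apply (hypothetical switch for this example) nothing is changed.
param([switch]$Apply)

$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. Remote Desktop setting: fDenyTSConnections = 0 means connections are accepted.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections

# 2. Enabled inbound firewall rules in the built-in "Remote Desktop" group.
#    DisplayGroup is localized; this name assumes an English-language install.
$rdpRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

# 3. Is anything listening on the default RDP port (assumes RDP was not moved)?
$listener = @(Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)

# 4. Local administrators, looked up by well-known SID so the group name's
#    language does not matter. Review this list for accounts that do not need it.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544')

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    RdpEnabled          = ($deny -eq 0)
    InboundRdpRulesOpen = $rdpRules.Count
    ListeningOn3389     = ($listener.Count -gt 0)
    LocalAdminCount     = $admins.Count
} | Format-List

$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

if ($Apply) {
    # Refuse new RDP connections and close the matching inbound firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Output 'Inbound RDP disabled on this host.'
} elseif ($deny -eq 0 -or $rdpRules.Count -gt 0) {
    Write-Warning 'Inbound RDP is reachable on this host. Re-run with -Apply to disable it.'
}
```

This covers the host only; blocking port 3389 at the internet-facing firewall is a separate change made on that device.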
THE RANSOMWARE TASK FORCE
A new industry task force led by the U.S. Department of Justice and some of the world’s top tech firms and leading authorities prepares to tackle the threat of ransomware with a comprehensive framework for action in the 81-page report, Combating Ransomware. The report declares “ransomware is no longer just a financial crime; it is an urgent national security risk that threatens schools, hospitals, businesses, and governments across the globe.”
The first of its kind to address ransomware on a worldwide level, the coalition seeks a collaborative effort to locate, apprehend, and penalize hackers. The Ransomware Task Force Framework is organized around four strategic goals: deter ransomware attacks; disrupt the ransomware business model; help organizations prepare; and respond to ransomware attacks more effectively.
WORK YOUR DEFENSES
The new ransomware trend is moving away from straight encryption and more towards the theft of data with the threat to release. Hackers are constantly trying to update their methods. Unfortunately, no backup is going to save you from a guy threatening to release your private customer data to the internet. This is why it is critical to make it continuously harder for hackers to infiltrate your defenses. Contact your trusted CMIT advisor for help in educating your organization and protecting your infrastructure. No one wants to find out just how much their private information is worth.