Contents
Ransomware attacks have increased significantly, 2021 seeing the number of attacks doubling in comparison to the previous year. This has been in part due to the way ransomware has been evolving and the success rate it has seen. Failure to defend against these newly evolved methods can be disastrous for any business.
Hybrid working has also been responsible for the significant increase in ransomware attacks, and as this method of working continues to be adopted, it is vital that businesses look into how to sufficiently protect themselves.
In this article we will go over the different types of ransomware a business might face, the main causes behind the increase in attacks, variants of well-known pieces of ransomware, and what CISOs can do to increase protection for their organisation.
Dramatic Increase in Ransomware Attacks
Following Check Points mid-year security report, it was found that ransomware attacks increased by 93% in 2021, compared to the same period the previous year. This dramatic increase is on the mind of many cybersecurity experts, with alarm bells ringing into why there is such an increase, in what form are the attacks coming, and what if anything, can be done about it.
One of the major reasons for the increase in ransomware attacks, is due to the shift to hybrid working. With this shift in how organisations operate, cyber criminals have been looking to exploit this new style of working, whilst the transition has been taking place. During the transition period there was an increased risk to cybersecurity with many employees not being aware of the dangers out there, not being thoroughly educated, or the businesses security infrastructure not being able to handle attacks with a hybrid workforce in place.
Another driving factor for the increase was the state the pandemic left many organisations. With the uncertainty around working during the pandemic, and many sections of the business being furloughed or working part time, there was plenty of opportunity for criminals to exploit weaknesses, and remain undetected until the crime has been committed.
During the times of uncertainty, criminals were more committed than ever, and were able to use newly evolved techniques to exploit every opportunity that came their way. As a result many organisations ended up paying ransoms which only served to encourage more criminal activity.
Types of Ransomware
In previous years, there have been two main types of ransomware, encryptors and screen lockers. More recently new techniques have evolved known as: double extortion and ransomware as a service or RaaS.
Encryptors or Crypto Ransomware
One of the most common forms of ransomware, it encrypts certain files, folders or pieces of data to render it inaccessible. The only way this data can be accessed again is by paying the ransom to be provided with the decryption key. This type of ransomware can be spread into the system by a number of different ways including: malicious emails, websites and downloads.
Screen Lockers or Locker Ransomware
Another very common form of ransomware. This type will block access to an entire computer system once inside, and cannot be removed until the ransom is paid. The attack will appear in the form of a popup stating something similar to the following: “Your computer has been infected with a virus. Click here to resolve the issue.”
Double Extortion Ransomware
A modern type of ransomware that will encrypt files as well as export data in order to extort a ransom from the victim. This form of attack allows criminals to threaten to publish stolen data if demands are not met. It also allows them to circumnavigate any organisation that restores data from a backup, as the attacker will still have control over data and their systems.
Ransomware as a Service
There are now a subset of cyber criminals with an entrepreneurial streak that will host their services on the dark net, and make them available to others at a price or subscription. Fees for such services can depend on the complexity and features they offer. With each ransom they successfully extort, a percentage will go to the RaaS provider.
Ransomware Variants
Unfortunately, it is not only the different types of ransomware that you need to be aware of but also the different strains that you might come across. There are a great number of ransomware strains which are beginning to grow in variety, here are a few that have been discovered in recent years.
Bad Rabbit
Discovered in October 2017, this variant uses fake adobe flash installer advertisements to target victims. Once the device is infected, it will demand a ransom of 0.05 bitcoin and increase the ransom every 40 hours if left unpaid. It infects a system by exploiting EternalBlue and encrypts the MBR.
GandCrab
Discovered in Jan 2018, this was the first RaaS variant to demand payments in the cryptocurrency Dash. GandCrab spread through emails, exploit kits and other types of malware campaigns. In 2019, the criminals behind this variant retired and released a decryption tool.
Ryuk
Discovered in August 2018, this was one of the first variants to encrypt network drives. It deleted shadow copies and disabled Windows System restore making it impossible for victims to recover without external backups or rollback technology. Ryuk is distributed via phishing emails that contain malicious Microsoft Office documents.
REvil
Discovered in April 2019, this variant is often known as Sodin and Sodinokbi. Early attacks exploited an Oracle WebLogic vulnerability and a Windows zero-day vulnerability. Later exploits infiltrated systems through phishing, Remote Desktop Protocol (RDP) flaws, VPN attacks and supply chain attacks. It uses double extortion and has a dark web leak site, known as the Happy Blog. A universal decryptor was released in September 2021 for victims of attacks pre-July 13, 2021.
How CISOs Can Mitigate Ransomware Security Risks
Here is a list of the best practices your business can take in order to prevent any future cyber attack.
Educate staff
By educating your members or staff to identify and avoid ransomware you will be taking the biggest step in preventing an attack. Show them how to identify phishing emails and test them regularly and without warning, to ensure they are sufficiently educated.
Use 3-2-1 backup methods
The 3-2-1 backup method includes all of the following: have 3 different backup versions, store the backups in 2 different locations with at least 1 of the locations being completely offsite.
System updates
Make sure that all systems and software are as up-to-date as possible with the latest patches.
Routine testing
Carry out routine ransomware testing on the network as a precaution to see if anything malicious is taking place. A routine test can help catch ransomware before it is finished infecting your system. It can also lead to any possible leaks or unprotected areas.
Email filters
Set up email filters that can help identify and detect harmful or potentially harmful emails. Set them up to recognise any potentially malicious attachments or links.
Blockers
Set up blockers for any unauthorised programs to stop them running and whitelist all permitted apps.
User permissions
Make sure that users only have the rights and permissions to access areas they need to on the network.
Keep your organisation protected from ransomware
With ransomware attacks increasing, it is vitally important that every CISO is up to date with the types and variants of ransomware they might face in order to keep their organisation as prepared as possible.
Staying on top of tactics used can help create better and more effective strategies, especially if the dynamic of the workforce changes in the post pandemic environment.
Without the right strategy in place, a successful ransomware attack can seriously impact your business. By working with cybersecurity experts such as ourselves, you can begin to protect your business, educate your employees and keep your data secure. Get in touch with our team to work on your cybersecurity strategy and overcome any challenges you might have. Call us on 01252 917000, email enquiries@bluefort.com or get in touch with us via our contact form.
