Over the last couple of years, the number of ransomware attacks has doubled. They are not only widespread, but also more sophisticated and aggressive, which is why they’re a threat to keep an eye on in 2024.
Before we get deeper into this, it won’t hurt to remind what exactly is ransomware and why it is considered one of the most destructive cyber threats these days.
What is ransomware and who are the main targets?
Ransomware is a type of malware (malicious software) that locks and encrypts data, leaving victims in the position of having to pay a ransom to avoid losing access to their data.
Businesses, especially high-income organisations, have been and will remain the primary focus of ransomware attacks. Recently, the most targeted industries have been manufacturing, services, retail, finance, and healthcare.
Why is ransomware growing so much?
One of the main reasons is Artificial Intelligence (AI), because it’s helping cyberattackers create malware that is faster, and can adapt and dodge traditional security practices.
In fact, according to Microsoft, 98% of ransomware needs less than 4 hours to infiltrate a company’s system, and the most malicious type can do it in just 45 minutes.
Plus, according to Alter Solutions’ cybersecurity expert Pankaj Dwivedi, there are several other reasons that may explain the exponential increase in ransomware attacks:
- Remote work
“Companies were not prepared enough for increased remote work environments. They have allowed remote work policies to avoid any business hampering, but there are still vulnerable areas that need to be addressed, like security awareness and response actions.”
- Cryptocurrency payment methods
“The anonymity with cryptocurrency payments is high, which makes it difficult for law enforcement agencies to track ransomware operators.”
- Increased dark web access
“Access to dark web has increased and so has the market with stolen data available for good monetary value.”
- Sophisticated techniques and tools
“Advanced encryption, extortion and ransomware deployment techniques, as well as access to various automated hacking tools and exploit kits, allows less skilled people to launch ransomware attacks.”
- Vulnerability and patch management
“Failure to identify vulnerabilities or to apply patches leaves companies and their infrastructure exposed.”
- Changing technology
“IoT [Internet of Things] devices for personal or business use may serve as an entry point for ransomware attacks. These are prone to being inadequately secured.”
- Reduced IT-security budgets
“Limited budgets may lead to poor planning, inadequate protection, obsolete infrastructure, insufficient training and management.”
- Lack of security awareness
“Security is only as good as its weakest link – humans. A proper training and awareness program makes employees vigilant and prepared, reducing their chances to fall victim of phishing and social engineering.”
- Limited security talents
“The talent pool of cybersecurity professionals is a major gap in the industry, which decreases companies’ chance to have robust defences.”
How can businesses prevent these attacks?
Pankaj Dwivedi identifies some preventive measures to avoid ransomware damage:
- Employee training and awareness
- Backup plan
“It allows a copy of a company’s data and systems to be restored in the event of an incident. The recommended approach is to have multiple backups in multiple locations.”
- Incident response plan
“It helps a company to detect and respond to cybersecurity incidents. This plan outlines the steps to be taken in the event of a ransomware attack.”
- Disaster recovery plan
“It focuses on how the company recovers and resumes its critical business functions after an incident.”
- Security control strengthening
“Companies can take preventive measures through user access management, vulnerability management, network segmentation, e-mail security solutions, endpoint protection, Zero Trust architecture, security audits, risk management, encryption of sensitive data, monitoring and threat hunting.”
How to react to a ransomware attack?
If a company’s system gets infected with ransomware, these are the general steps to be taken:
- Isolate the infected system.
- Identify the ransomware variant.
- Assess the damage.
- Initiate the incident response plan.
- Notify relevant parties and contact law enforcement.
- Restore data from backups.
- Communicate internally and externally.
- Perform post-incident analysis and security review.
- Align for cyber insurances claim.
Don’t pay the ransom
Alter Solutions’ expert advises companies not to pay the ransom “due to ethical reasons but also because it does not guarantee data recovery.”
In fact, according to Claroty’s recent study “The Global State of Industrial Cybersecurity 2023”, of the 75% of respondents who were targeted by ransomware attacks in 2023, 69% paid the ransom and 54% of those still suffered financial damages of $100,000 or more.
Ransomware in the near future
Industry experts agree that cyberattacks in general, and ransomware in particular, are expected to keep growing in 2024 and beyond. Pankaj Dwivedi shares the same opinion: “Insider threats, social engineering, lack of preparedness, Ransomware-as-a-Service (RaaS), technology exploitation and zero-day exploits can be seen in the present and are likely to continue in the future, since there is no defined mechanism to reduce emerging ransomware, other than training and awareness.”
In his opinion, “inadequate cybersecurity regulations, different payment methods, the evolution of AI and automation, ongoing geopolitical and economic tensions will further add to increased ransomware attacks in future”. At this pace, Cybersecurity Ventures predicts that a ransomware attack will occur every 2 seconds by 2031, costing victims around $265 billion annually.
That’s why, for companies looking to raise their security resilience and implement the preventive measures recommended earlier, Alter Solutions provides valuable services like Cyberdefence and Audit & Pentesting.