Your Cyber Security Strategy Should Evolve With Evolving Ransomware
The ransomware crisis has been growing in both intensity and frequency. Moreover, due to the greater number of countermeasures taken by authorities, threat actors have evolved their ransomware tactics.
However, we should know that all ransomware is not the same. Ransomware is not always the same. It has various types and we need to know them. Let’s discuss them in the next section.
Types of Ransomware
The basic categorization of ransomware can be done by differentiating it based on how it is being operated i.e if it’s being operated automatically or if it’s being handled with human intervention.
Based on this, we can categorize ransomware into two types-
- Commodity Ransomware
- Human-Operated Ransomware
In this type of ransomware, the malicious actors run a phishing campaign on victims. This phishing campaign is used to deliver the malware to the victim’s computer. However, after the malware is on the system, the commodity software works automatically to carry out its mission. This type of ransomware aims to infect a big number of systems and expect some of the victims to pay up the ransom.
Evolution of Commodity Ransomware:
Initially, commodity ransomware meant encryption of files on a single system. Unintentional encryption of files on network drives mounted by the system also took place in some cases.
However, this ransomware evolved to perform an extra function. The malware started to search for the network drives that the user had not already mounted but could be accessed by them. With this evolution, the ransomware target changed from an individual trying to pay up to recover personal stuff to an organization trying to recover very sensitive data. This increased the attacker’s chances of receiving a ransom as the data encrypted is more valuable than before.
In the next evolution of commodity ransomware, the ransomware started combining with a worm. This turned out to be a big breakthrough for malicious actors as the ransomware now became self-replicating. The ransomware infects one user’s system after trapping them through a successful phishing attack, which then goes on to infect other neighboring systems. The WannaCry Ransomware is the biggest example of evolved commodity ransomware.
This is a more sophisticated and targeted type of ransomware. This kind of ransomware initially looks for an opening into the organization. Thereafter, it sets itself into the organization but progresses with many following steps.
It takes a long time for human-operated ransomware to achieve its goal. This is because the ransomware is guided manually to adjust to the target environment and the goal set by the threat actor for the ransomware.
The attacker first gets all attack factors into place in different parts of the organization’s network. As the data to be encrypted is previously identified by the attacker, all valuable files get encrypted at a specific time chosen for the attack.
Human-operated ransomware is typically launched with the aim of credential theft but these can also result in bigger consequences that can prove to be catastrophic for the organization.
Evolution of Human-operated Ransomware:
With time, organizations have matured in terms of cyber security arrangements. Therefore, the practice of data backup has gained some popularity and momentum among organizations. This practice aims to facilitate the easy restoration of data in case of mishaps. But malicious actors have developed a way around this.
The evolved human-operated ransomware will render the encrypted copy of data useless and will make it public if ransom payment is not completed. The Ryuk ransomware campaign is a good example of human-operated ransomware.
The Bigger Question: Will Paying Ransom Make Everything Alright?
A victim is not likely to pay any ransom to a ransomware gang if they know that any such payment will fund terror activities. It is precisely for this reason that ransomware gangs have developed themselves into ransomware brands.
If a victim knows that some other victim affected by a particular brand of ransomware paid the ransom but still didn’t get their data back, they are less likely to pay the ransom. Therefore, ransomware gangs have now deployed their teams to pass on the message of successful two-way transaction of ransom and data in case of ransom payments by the victims. How ironic is that — ‘Bad guys trying to improve their market image’.
But What Can Organizations Do?
Today, cyber security is a boardroom discussion for many organizations. They are serious about minimizing their losses due to cyber attacks. More so in the case of ransomware as the incidence and intensity of this attack vector has grown over time.
Did you know that a prediction says that ransomware cost will grow exponentially to reach $265 billion by 2031?
To have an idea about how serious ransomware has become as a threat, a cue can be taken from the ransomware attack on Acer, where the company ended up paying a ransom of $50 million to the REvil hackers group.
If ransomware is growing at that pace, a strategy to ward them off should grow equally. In this blog, we mention two major tools that might help you in keeping the ransomware threat at bay.
Cyber Security Awareness Tools
Today, cyber security awareness tools provide a modern method to teach and train employees how to identify and defend against cyber threats. ThreatCop is one such best-of-the-class security awareness tool that offers simulation in 6 different attack vectors including ransomware. It comes with a huge library of awareness content for the users to learn through better engagement.
Phishing Incident Response Tools
A phishing incident response tool like Threat Alert Button (TAB) helps the user to report a phishing email on spot. Thereafter, TAB removes the phishing email from the inboxes of all the users in that network. As phishing is a common method of delivering ransomware into organizations, a tool like TAB can effectively eliminate the phishing email and eventually ransomware threat at its onset.
Ransomware has become an evolved monster. Threat actors are using newer techniques for the deployment of malware and the encryption of data. But all of this can be avoided with greater vigilance and better technology. An organization can save millions of dollars and a lot of person-hours by only following cyber security best practices.