24 May
Ransomware – new attacks more targeted and damaging
Boards should be clear on how their organisation’s data and IT infrastructure are being protected against ransomware, says Professor Kamal Bechkoum, Head of the School of Computing and Engineering at the University of Gloucestershire.
The Sophos State of Ransomware 2021 report, an independent survey of 5,400 IT managers in mid-sized companies in 30 countries, has revealed that 37% of organisations have experienced a ransomware attack over the last 12 months, down from 51% in 2020. In addition, fewer businesses have suffered data encryption as the result of an attack, dropping from 73% in 2020 to 54% in 2021.
However, this positive reduction doesn’t tell the full story. The average financial impact of an attack over the same period has more than doubled, from US$761,106 in 2020 to US$1.85 million in 2021. The most likely reason behind this is that attackers are launching more complex and targeted attacks that are much harder to recover from.
One such example is the recent DarkSide ransomware assault against the Colonial Pipeline operator, the largest fuel pipeline in the US, resulting in a six cents per gallon price hike and forcing the American government to temporarily relax regulations on how long truck drivers are able to remain behind the wheel to improve fuel supply chain flexibility.
Worryingly, the number of organisations paying a ransom has grown to 32% in 2021, compared to 26% last year. Despite this, only 8% of companies that paid got all of their data back. Nearly a third, 29%, were unable to recover more than half of their encrypted data.
The new reality of ransom attack behaviour appears to be a switch from large-scale, automated attacks, to more targeted and specific objectives involving expert criminals getting hands-on-keyboards in their attempts to penetrate an organisation.
This means that the potential damage being done is far higher and often includes data exfiltration followed by a threat to sell or publish that stolen information.
Many of the existing methods of resisting this state of affairs still apply: a culture of security should be fostered throughout the workplace. Staff need to be educated and trained to keep software applications and systems updated; files must be backed up regularly; and networks require segmenting to ensure sensitive data is only accessible to those who need it when necessary.
COVID-19 has made firms increasingly reliant upon their online networks and remote-working capabilities. Given that 95% of internal breaches continue to be caused by human error, the default approach to all Internet of Things (IoT) systems should always be one of suspicion.
The pressures of the pandemic and lockdown have left many workers tired, often putting them in a position where they might fail to fully check the veracity of texts and emails before reacting to them. This is when it becomes very easy to overlook crucial details and allow threats to slip through.
Everyone should be reminded to avoid the mistake of acting in haste. Staff at all levels should be encouraged to breathe, regroup and take their time before reacting. Asking the right questions, double-checking procedures and ensuring that colleagues are alert to cyber-security issues will make the difference between a secure operating environment and crushing failure.