Ransomware attacks are becoming more numerous and dangerous. According to a recent conference of European law enforcement agencies, ransomware activities have generated $350 million in 2020, a 311% increase from 2019. The site tracks payments and shows more than $45 million in payouts for the first half of 2021, based on public records of the various ransom blockchain transactions and victim reports.
A Twitter thread by security researcher Ming Zhao shows the depth of the ransomware marketplace and the variety of actors. The flow of funds from victims to criminals, how their attacks have grown, and how the price of cryptocurrency has influenced their actions are revealed in the thread.
As remote work continues and expands, better ways to secure workers’ connections to and from the organization’s data, both on the cloud and on-premises, are necessary. The risks are further compounded by the too-human inclinations of remote workers to give priority to completing tasks over best-security practices. It is possible for an employee, for example, to use the same password when shopping online and to gain access to critical corporate data from a home office connection. Among more tech-savvy users who should know better, a software deployment might contain code with vulnerabilities because the developer team opted to meet a deadline while forgoing proper security checks for their code before putting the application into production.
For these remote data-access risks, VPNs don’t cut it anymore. They are based on the incorrect assumption that both sides of the VPN tunnel are secure. Since the pandemic began, more corporate workflows traverse the general Internet where they can be more easily compromised. Anyone in an organization can become a target because attackers are looking for weak points in IT infrastructure.
Added to these trends, Ransomware as a Service organizations have become popular. They make ransomware easier to deploy and more lucrative to operate. And it isn’t just business networks that attract attackers, either. Internet-of-Things (IoT) devices (such as Nest thermostats and connected TVs) and industrial-control systems are targets, too.
Attackers have gone a step further by compromising supply chains. This is what happened to software from SolarWinds and, more recently, with Kaseya VSA. Ransomware attackers now combine the initial encryption attack with follow-up threats to post stolen data from their targets. Security-services provider Emisoft reported in a survey that 11% of ransomware attacks involved data theft during the first half of 2020, a number that continues to rise in 2021.
The feds are trying to stem this tide, what with a variety of executive orders, a two-day international conclave held last month, and the latest attempt to arrest one of the Russian hackers involved in the Kaseya attack. Oddly, REvil, one of the most pernicious of these hacking groups, took down its infrastructure in July. We say odd because no one knows the cause or the details behind the takedown. Whether or not these efforts bear fruit, taken together, they show that fighting ransomware will require many different initiatives and methods at various regulatory levels. This, combined with a variety of protective technologies and tools, will require careful attention to all details across the entire organization and the entire network — as so many attacks have shown, hackers only need to find one weak link to compromise.
I always learn so much from you! Love it… but now I’m terrified. Lol.