In the era of extensive reliance on technology and online access, it’s no secret that the consequences of ransomware can be severe for organizations of any size. Ransomware attacks are one of the most prominent threats in cybersecurity. With increasingly lucrative and disruptive tactics, cyber criminals are continuing to evolve their methods and increase their ransom demands as they master these malicious attacks.
My name is Jen Miller-Osborn, and I am the Deputy Director of Threat Intelligence at Unit 42. As a global threat intelligence team for Palo Alto Networks, we provide in-depth research that helps organizations determine how to best defend against and mitigate online threats. Our world-class cyber researchers and elite incident responders focus on collecting information about cybersecurity threats to protect the digital world from ransomware, malware, and other cyberattacks.
While usually discussed in the context of organizations and businesses, ransomware attacks pose a significant threat to anyone with a device connected to the internet. In this episode of the DevSecTalks series, I sat down with host Ashley Ward to discuss the topic of ransomware, as well as the motives behind this type of cyberattack and the measures individuals and companies can take to protect themselves at work and at home.
Ransomware 101
Ransomware is a type of malicious software that will encrypt all of the data on a given device, ultimately rendering that device unusable. This software holds the victim’s digital access hostage until the attacker receives a financial payment, typically distributed in virtual currency. Ransomware works by blocking access to files, networks, or computer systems, and often will attempt to spread to other connected devices with the intent to infect as many points of entry as possible.
Phishing emails are one of the most common forms of ransomware. These fraudulent emails are disguised as legitimate messages to trick the recipient into responding. The user may be enticed to click on a link, open an attachment, or directly provide sensitive information.
Due to its effectiveness in generating revenue, ransomware has become the largest threat facing organizations today. Ransomware attacks are a multimillion-dollar business, with cybercriminals targeting both individuals and corporations alike.
The Nature of Ransomware Attacks
Ransomware attacks are one of the most popular cyberattack methods and can occur in multiple formats, including silent infections from exploit kits, malicious email attachments, and malicious email links.
A common ransomware attack pattern begins with the ransomware operator targeting an organization. After encrypting data on their devices, the operator forces the victim to pay a ransom to unlock it. The operator may also steal important confidential data or shut down multiple organizational systems to coerce the victim to deliver the payment. If the victim refuses to pay the ransom, the operator might leak the victim’s data to other ransomware operators.
Over the course of a few years, the ransomware threat landscape has rapidly evolved. In the 2021 Unit 42 Ransomware Threat Report, we found that the highest ransom paid by an organization doubled from 2019 to 2020, increasing from $5 million to $10 million. Operators then exploited the COVID-19 pandemic in 2020, spiking demands with ransoms set as high as $30 million.
Avoid Becoming a Victim — Who Is at Risk of a Ransomware Attack?
The healthcare sector was the most targeted vertical for ransomware in 2020, according to our Unit 42 research. That’s not to say that smaller organizations are less at risk. While many operators focus on organizations that can pay large sums of money, others target mid-size to small businesses with valuable customer data or intellectual property — and few cybersecurity protections in place.
Pipelines and critical infrastructures tend to make headlines while small-scale ransomware attacks, equally common, fly under the radar. At the end of the day, every person with access to the internet is at risk of falling victim to a ransomware attack.
Ransomware operators are honing their tactics, making subtle advances in the familiar forms of emails, fake websites, and malicious file downloads. It’s becoming increasingly important to take action to mitigate the risk of ransomware attacks.
How To Prevent Your Organization Against Ransomware Attacks
Just like locks, keys, and other physical protections we use to secure a location or premises, building awareness is essential to defend our digital worlds against malicious emails, links, and downloads.
Here are five key steps everyone should take, both organizationally and personally, to prevent ransomware attacks:
- Verify that you have good backups of your data. Attackers can recognize whether or not your data is secure. If they find vulnerabilities in the data, they can use double extortion to trade the data and monetize their access before they encrypt it.
- Be careful about what you click. Avoid links and attachments that look strange. Taking the extra five minutes to verify that what you’re clicking on is legitimate can be the difference between additional verification and a ransomware incident.
- Create secure and different passwords for all your online accounts. Attackers can easily gain access to organizations by obtaining password credentials. And if you use the same password for multiple accounts, then they’ll be able to crack every login. Whether business or personal, take the extra time to verify that your passwords are different, strong, and unique for every single account.
- Ensure that your operating system is fully patched for the device (or devices) that you are using. When updates, virus software protections, and new patches are released, make sure to install them immediately for optimal protection.
- Keep up with all of the new updates within the cybersecurity space. Make it a habit to educate yourself every time something new comes out to ensure the best protection. This up-to-date knowledge will mitigate your risk of ransomware, malware, and other malicious cyber attacks.
A Glance Into Unit 42 Ransomware Research
Ransomware attacks can result in the disclosure of sensitive information, financial damage, or life-threatening healthcare incidents. A device that is impacted by ransomware can wreak havoc and disruption to business operations. With the company, client, and personal data at risk, implementing protection against ransomware is an essential requirement for every organization.
Unit 42 is a premier threat intelligence and cybersecurity consulting organization with a mission to defend others against today’s sophisticated ransomware attacks. To find more research and best practices for preventing ransomware attacks in your organization, start by downloading the 2022 Unit 42 Ransomware Threat Report.
Don’t worry — this download has our stamp of approval!
Did you enjoy this episode of DevSecTalks? Visit our website and tune in to our other sessions to hear from more DevSec industry experts who are building the future of cloud security.