Ransomware tops the list of cybersecurity threats for 2020.
While there have been efforts to convince individuals, corporations and municipalities not to pay ransoms, the simple fact is that whenever one is paid, the attack becomes a success that encourages cyberthieves to try again.
Ransomware attacks increased 18 percent in 2019, up from an average 12 percent increase over the past five years, according to research from cyber risk insurance firm Chubb. It accounted for 40 percent of all manufacturers’ cyber claims, and for 23 percent of cyber claims for smaller businesses last year.
“Ransomware has not only continued to grow over the years, but it has also attracted more organized criminals who have begun targeting specific industries,” said Javvad Malik, security awareness advocate at KnowBe4.
That “has not only increased successful infections, but has also made criminals more brazen in the demands they’ve been making,” he told TechNewsWorld.
One irony of ransomware is that it remains among the easiest threats to control. Prevention would be effective if users would refrain from going to untrusted websites or from opening suspicious email attachments.
“Ransomware will continue to be an issue until such time that a preventative measure can be found or every user can be educated well enough to not open files from unknown sources,” said Tom Thomas, adjunct faculty member in Tulane University’s Online Master of Professional Studies in Cybersecurity Management program.
Ransomware is particularly nefarious because of its broad targets: individuals, businesses, government agencies and cities. The number of ransomware attacks increased in 2019 — but worse, 22 of those cyberattacks shut down city, county and even state government computer systems.
If it can’t be stopped, the next best option is to make it less profitable. As a result of the attacks on municipalities, more than 225 U.S. mayors last summer signed a resolution at the U.S. Conference of Mayors, pledging not to pay the hackers.
“Ransomware does not judge nor care if you are an individual, government or organization. It’s about greed — and let’s be honest, organizations have more money than individuals,” Thomas told TechNewsWorld.
“The mayors’ pledge is so much political maneuvering and sound bites. Their pledge means nothing to threat actors and criminals,” he added.
Those pledges are not the end of the story — they are just the beginning, said KnowBe4’s Malik.
“Like an animal that acquires the taste of human flesh after its first kill, the rise and success of ransomware has given cybercriminals the taste of data,” he remarked.
A pressing concern is what those criminals might do with the data.
“It will be common to see ransomware coupled with threats of data exposure as ransomware strains developers and expands on new methods to demand payment,” predicted Erich Kron, security awareness advocate at KnowBe4.
“We have seen these threats for years; however, data exposure has already happened late in 2019 and will become a common practice in 2020 for those who don’t pay,” he told TechNewsWorld.
A King’s Ransom
City leaders may have more leverage in deciding not to pay a ransom than businesses, many of which have succumbed. For some companies, ransomware payouts now are factored in as an added cost of doing business.
“From the perspective of a business owner of any size, ransomware is a frightening proposition. Imagine all of the endpoints in an organization failing in a few hours,” warned Jason Kent, hacker in residence at Cequence Security.
“Given that most organizations have difficulty doing the basics, knowing their assets, knowing if these assets are secured and patched, backing up data, etc. — the rise of ransomware in the next few years will be most likely a foregone conclusion,” he told TechNewsWorld.
“If we look at the organizations that have been hit with ransomware, the recovery process was painful and took huge amounts of effort to get back online,” Kent added. “If we are to make it through 2020 with our systems intact, we have to watch out for the ever-changing threat landscape.”
Although not new, the very sinister “wiper worms” threat, which first appeared as a new form of malware in spring of 2018, could be on the rise. Wiper worms, which can be very sophisticated programs, generally have three targets: files/data; the boot section of a computer’s operating system; and system and data backups.
“While not as common as ransomware, this type of malware is a major risk because of the devastating outcomes of such attacks,” said Yaron Kassner, CTO of security firm Silverfort.
One significant concern is that a wiper could be deployed on a network, and instead of merely locking out a user, it could function much like an even more insidious form of ransomware.
“I see wiper worms as one of the top cyberthreats for 2020,” Kassner told TechNewsWorld.
Those hit by such an infection may not even be able to rely on backups, which also are infected. If users restore data compromised by the worm, that doesn’t resolve the problem, as each restoration attempt only replicates the problem.
“Once attackers have a foothold, it’s easier for them to encrypt data for ransom than to exfiltrate data to sell on the dark Web,” noted Willy Leichter, vice president at Virsec.
“Cryptocurrencies now make it easy for criminals to monetize attacks anonymously,” he told TechNewsWorld. “Recent attacks have encrypted data and threatened to expose it publicly if the victim doesn’t pay up. While this is probably a bluff, it raises the perceived stakes for victims, increasing their desperation and willingness to pay.”
Recovery Efforts Lacking
Another troubling component of ransomware and wiperware is the effort required to recover from such an attack. Few businesses have a strategy in place should such an attack occur.
“According to a recent Forrester report, most businesses are in denial about their ability to recover from such an attack,” said Sean Deuby, director of services at Semperis.
“Seventy-seven percent are confident or very confident, but only 21 percent have contingency plans in place, and less than half that — 11 percent — believed they could recover within three days of an attack,” he told TechNewsWorld.
“Organizations must take a clear-eyed, hard look at how unprepared they are for a denial-of-availability malware attack and reshuffle their priorities accordingly,” Deuby added. “Ransomware and other wiperware is unprecedented in its ability to lay waste to a corporate network without regard to physical location: NotPetya permanently encrypted 55,000 Maersk servers and other devices around the world in 7 minutes.”